Derek Ditch dcode

@dcode
dcode / ytgif.sh
Last active December 8, 2021 18:47 — forked from dziban303/ytgif.sh
Convert a section of a YouTube video to an animated GIF
@dcode
dcode / cleanup_workstations.ps1
Created December 3, 2021 15:38
An example of an unsafe admin script that "gets the job done". DON'T DO THIS!
<#
This is an example of how to hack together a script to achieve an objective, but it's a
terrible way to do it. This script was used as a scheduled task in an exercise scenario
to make a plausible mechanism for lateral movement and privilege escalation.
- Don't store passwords in the clear
- Don't run scripts with password-based SSH
- Don't use Posh-SSH to do Windows admin tasks, use PS remoting over SSH
Not only does this script store a password in the clear, it passes it to the remote systems
@dcode
dcode / howto_grandstream_device_to_unifi_talk.md
Created November 30, 2021 15:23
How to set up a Grandstream phone as a device on UniFi Talk

How to set up Grandstream DP750 for UniFi Talk

I've seen several posts on Reddit and other forums that say "oh you can use a grandstream phone with UniFi Talk and it's flawless". Unfortunately, I am not a VoIP engineer so it was not intuitive to me, but I got it to work. Here's how.

For this writeup, I'm using a Grandstream DP750 DECT base with a DP720 DECT wireless handset. I really wanted a wireless phone for general use in my house, but Ubiquiti doesn't make one, so I wanted to find a way. My goal is to set up UniFi Talk for my home phone solution and share a single phone number with a UniFi wired phone that sits on my office desk. As far as I know, you have to get a UniFi phone to do the initial Talk setup (though, in my tinkering, I noticed it's using a PostgreSQL database; you could probably bypass the initial setup if you knew what you were doing). I'm also using a UDM-Pro for my gateway.

Assuming your UDM-Pro management interface is on 192.168.1.1, your base station should be assigned an IP on a VL

@dcode
dcode / podman_snippets.md
Created October 12, 2021 17:27
Examples of doing some cool things with podman

Secrets

Podman now (well, for a while now) has support for secrets. Red Hat has a blog about it. This is particularly useful to 1) maintain better compatibility with Kubernetes manifests and 2) keep your secrets out of your git commits!

So, what is not well documented (that I could find) is that you can use these secrets in a Kubernetes manifest to inject secrets into environment variables. To do this, you have to first base64 encode them as you would for an actual Kubernetes secret.

Here, I'm taking a YAML snippet, using yq to convert it to JSON, then using jq to create a base64 encoded JSON. Finally, I pass that to podman and tell it to create a secret called ec-creds.

@dcode
dcode / eql_snippets.md
Last active September 16, 2021 17:14
Snippets of EQL for use in Elastic Timelines

NOTE: These are escaped to work in the Timelines Correlation editor in Security app (namely Kibana escapes the slashes before sending to EQL) as of 7.14.0

  • Search file path using case-insensitive regex.
file where file.path regex~ """C:\\Users\\.*\\APPDATA\\ROAMING\\[A-Za-z0-9_]{96,192}"""
@dcode
dcode / local-mirrors.repo
Created January 29, 2021 16:11
Quick and dirty script to maintain local repo mirrors. Serve up with httpd, nginx, or whatever
# Add this file to /etc/yum.repos.d/local-mirrors.repo
# Change the IP below accordingly
[mirror-base]
name=Base mirror
baseurl=http://192.168.100.10/base
enabled=1
cost=500
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
@dcode
dcode / es_stack_cleanup.bash
Created November 17, 2020 22:04
Kibana and Elasticsearch cleanup
# Uses `httpie` since it's more convenient than `curl`
# Uses `jq` to filter JSON response
function clear_kibana() {
    ES_DEFAULT='elastic:password'
    ES_AUTH="${ES_AUTH:-$ES_DEFAULT}"
    KIBANA_DEFAULT="http://${ES_AUTH}@127.0.0.1:5601"
    KIBANA_API="${KIBANA_API:-$KIBANA_DEFAULT}"
    OBJECTS=$( http GET "${KIBANA_API}/api/saved_objects/_find" \
        kbn-xsrf:true \
@dcode
dcode / delete_kibana_saved_objects.bash
Last active November 16, 2020 19:05
Delete all Kibana saved objects. This is useful if you're developing beats modules or just want to clear out some cruft. Works with 7.x API.
#!/bin/bash
# From the docs: https://www.elastic.co/guide/en/kibana/current/saved-objects-api-get.html#saved-objects-api-get-params
# Types can be: visualization, dashboard, search, index-pattern, config, timelion-sheet
# You can also have a map type, which isn't in the docs linked above
export KIBANA_API_URL='http://elastic:password@127.0.0.1:5601'
export OBJECTS=$(curl "${KIBANA_API_URL}/api/saved_objects/_find?fields=id&type=index-pattern&type=visualization&type=dashboard&type=search&type=index-pattern&type=timelion-sheet&type=map&per_page=1000" | jq -rc '.saved_objects[] | {"type": .type, "id": .id } | @base64')
# Loops through the base64-encoded JSON objects
@dcode
dcode / docker-compose.yml
Created October 7, 2020 16:42
Docker compose to stand up a local minimal Kafka cluster, useful for development purposes. Can connect from host on port 9093/tcp.
version: '2'
services:
  zookeeper:
    image: 'docker.io/bitnami/zookeeper:3-debian-10'
    ports:
      - '2181:2181'
    networks:
      - 'data-tier'
    volumes:
@dcode
dcode / install-driver.ps1
Created August 14, 2020 20:29
This is the Google Compute Engine install-driver file used for windows driver installation. I couldn't find it anywhere else online.
#Copyright 2018 Google, Inc. All Rights Reserved.
<#
.SYNOPSIS
Script to install specific driver.
.DESCRIPTION
Script will add certs from the driver to TrustedPublisher store and
install driver with pnputil.
NOTE: The script needs to be run with admin privilege.