Hack the 🌎!

Derek Ditch dcode

  • Elastic
  • Texas
  • Twitter @dcode
dcode / 30-ssdp-relay.sh
Created Jul 10, 2022
Startup script for SSDP mirroring on a UDM Pro
#!/bin/sh
# file: /mnt/data/on_boot.d/30-ssdp-relay.sh
# See https://github.com/unifi-utilities/unifios-utilities
# for info on how to set up on-boot scripts
CONTAINER="ssdp-relay"
# Specify which interfaces to relay, number is VLAN number
INTERFACES="br10 br20"
dcode / direnvrc
# ~/.config/direnv/direnvrc
layout_poetry() {
    if [[ ! -f pyproject.toml ]]; then
        log_error 'No pyproject.toml found. Use `poetry new` or `poetry init` to create one first.'
        exit 2
    fi
    # create venv if it doesn't exist
    poetry run true
dcode / ytgif.sh
Last active Dec 8, 2021 — forked from dziban303/ytgif.sh
Convert a section of a YouTube video to an animated GIF
dcode / cleanup_workstations.ps1
Created Dec 3, 2021
An example of an unsafe admin script that "gets the job done". DON'T DO THIS!
<#
This is an example of how to hack together a script to achieve an objective, but it's a
terrible way to do it. This script was used as a scheduled task in an exercise scenario
to make a plausible mechanism for lateral movement and privilege escalation.
- Don't store passwords in the clear
- Don't run scripts with password-based SSH
- Don't use Posh-SSH to do Windows admin tasks, use PS remoting over SSH
Not only does this script store a password in the clear, it passes it to the remote systems
dcode / howto_grandstream_device_to_unifi_talk.md
Created Nov 30, 2021
How to set up a Grandstream phone as a device on UniFi Talk

How to set up a Grandstream DP750 for UniFi Talk

I've seen several posts on Reddit and other forums that say "oh you can use a grandstream phone with UniFi Talk and it's flawless". Unfortunately, I am not a VoIP engineer so it was not intuitive to me, but I got it to work. Here's how.

For this writeup, I'm using a Grandstream DP750 DECT base with a DP720 DECT wireless handset. I really wanted a wireless phone for general use in my house, but Ubiquiti doesn't make one, so I wanted to find a way. My goal is to set up UniFi Talk as my home phone solution and share a single phone number with a UniFi wired phone that sits on my office desk. As far as I know, you have to get a UniFi phone to do the initial Talk setup (though, in my tinkering, I noticed it's using a PostgreSQL database; you could probably bypass the initial setup if you knew what you were doing). I'm also using a UDM-Pro for my gateway.

Assuming your UDM-Pro management interface is on 192.168.1.1, your base station should be assigned an IP on a VL

dcode / podman_snippets.md
Created Oct 12, 2021
Examples of doing some cool things with podman

Secrets

Podman now (well, for a while now) has support for secrets. Red Hat has a blog post about it. This is particularly useful to 1) maintain better compatibility with Kubernetes manifests and 2) keep your secrets out of your git commits!

So, what is not well documented (that I could find) is that you can use these secrets in a Kubernetes manifest to inject secrets into environment variables. To do this, you have to first base64 encode them as you would for an actual Kubernetes secret.

Here, I'm taking a YAML snippet, using yq to convert it to JSON, then using jq to produce a base64-encoded JSON document. Finally, pass that to podman and tell it to create a secret called ec-creds.

dcode / eql_snippets.md
Last active Sep 16, 2021
Snippets of EQL for use in Elastic Timelines

NOTE: These are escaped to work in the Timelines Correlation editor in Security app (namely Kibana escapes the slashes before sending to EQL) as of 7.14.0

  • Search file path using case-insensitive regex.
file where file.path regex~ """C:\\Users\\.*\\APPDATA\\ROAMING\\[A-Za-z0-9_]{96,192}"""
dcode / local-mirrors.repo
Created Jan 29, 2021
Quick and dirty script to maintain local repo mirrors. Serve up with httpd, nginx, or whatever
# Add this file to /etc/yum.repos.d/local-mirrors.repo
# Change the IP below accordingly
[mirror-base]
name=Base mirror
baseurl=http://192.168.100.10/base
enabled=1
cost=500
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
dcode / es_stack_cleanup.bash
Created Nov 17, 2020
Kibana and Elasticsearch cleanup
# Uses `httpie` since it's more convenient than `curl`
# Uses `jq` to filter JSON response
function clear_kibana() {
    ES_DEFAULT='elastic:password'
    ES_AUTH="${ES_AUTH:-$ES_DEFAULT}"
    KIBANA_DEFAULT="http://${ES_AUTH}@127.0.0.1:5601"
    KIBANA_API="${KIBANA_API:-$KIBANA_DEFAULT}"
    OBJECTS=$( http GET "${KIBANA_API}/api/saved_objects/_find" \
        kbn-xsrf:true \
dcode / delete_kibana_saved_objects.bash
Last active Nov 16, 2020
Delete all Kibana saved objects. This is useful if you're developing beats modules or just want to clear out some cruft. Works with 7.x API.
#!/bin/bash
# From the docs: https://www.elastic.co/guide/en/kibana/current/saved-objects-api-get.html#saved-objects-api-get-params
# Types can be: visualization, dashboard, search, index-pattern, config, timelion-sheet
# You can also have a map type, which isn't in the docs linked above
export KIBANA_API_URL='http://elastic:password@127.0.0.1:5601'
export OBJECTS=$(curl "${KIBANA_API_URL}/api/saved_objects/_find?fields=id&type=index-pattern&type=visualization&type=dashboard&type=search&type=timelion-sheet&type=map&per_page=1000" | jq -rc '.saved_objects[] | {"type": .type, "id": .id } | @base64')
# Loops through the base64-encoded JSON objects