Skip to content

Instantly share code, notes, and snippets.

View jasontomasi's full-sized avatar

IntuitiveNZ jasontomasi

  • Wellington, New Zealand
View GitHub Profile

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld

user@internal:~$ hostname -f
internal.company.tld
@heri16
heri16 / bgpd.conf
Last active February 21, 2023 05:40
AWS VPC VPN StrongSwan Virtual Tunnel Interface (VTI)
#@ /etc/quagga/bgpd.conf (Centos & Ubuntu)
hostname <Local OS hostname>
password <Any random phrase>
enable password <Any random phrase>
!
log file /var/log/quagga/bgpd
!debug bgp events
!debug bgp zebra
debug bgp updates
@paalfe
paalfe / CiscoKeyGen.py
Created May 17, 2015 20:45
Cisco IOU License Generator. Originally found at http://www.routingloops.co.uk/cisco/gns3-v1-1-install-on-ubuntu-14-04-lts/, I have done a few changes to it. Make the file executable with " chmod +x CiscoKeyGen.py " and execute it " ./CiscoKeyGen.py ".
#! /usr/bin/python
print "\n*********************************************************************"
print "Cisco IOU License Generator - Kal 2011, python port of 2006 C version"
import os
import socket
import hashlib
import struct
# get the host id and host name to calculate the hostkey
hostid=os.popen("hostid").read().strip()
hostname = socket.gethostname()
@yanknudtskov
yanknudtskov / .htacces
Created May 4, 2014 18:01
Harden WordPress through .htaccess
<files wp-config.php>
order allow,deny
deny from all
</files>
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
@danielcompton
danielcompton / gist:6724333
Created September 27, 2013 04:53
Excel formula for calculating NZ tax paid on annual income.
=IF(B2<=14000,SUM(B2*10.5%),IF(B2<=48000,SUM(B2-14000)*17.5%+1470,IF(B2<=70000,SUM(B2-48000)*30%+7420,IF(B2>=70001,SUM(B2-70000)*33%+14020))))
@vi
vi / simplevpn
Last active February 15, 2023 12:20
simplevpn: Simple IPsec and ipip[6] tunnel configuration for Linux using SSH for key exchange
#!/bin/bash
# Setup encrypted IPv4 tunnel over IPv4 or IPv6 on two Linux nodes using SSH for tunnel setup.
# Requires only ipsec-tools, iproute2, ssh and necessry kernel modules locally and remotely.
# Warning: it flushes IPsec settings both locally and remotely.
# Don't use with other IPsec tunnnels.
# Sample usage:
# simplevpn -6 fc::1 fc::2 ssh -T root@fc::2
@chuckreynolds
chuckreynolds / Wordpress .HTACCESS file
Created June 25, 2009 06:39
Hardened .htaccess file for WP installs
# canonical redirect to no www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
# protect wp-config at all cost
<files wp-config.php>
Order deny,allow
deny from all
</files>