Jean-Marc Pouchoulon pushou

## winrmcomm.psh
  Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
  $Script='https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'
    (New-Object System.Net.WebClient).DownloadFile($Script,'ConfigureRemotingForAnsible.ps1')
  PowerShell -NoProfile -ExecutionPolicy Bypass -Command ./ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck -EnableCredSSP
  Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False

## gist:3e1fe56094118f2a7f7cc03f03a4cb79
{
	"defaultAction": "SCMP_ACT_ERRNO",
	"architectures": [
		"SCMP_ARCH_X86_64",
		"SCMP_ARCH_X86",
		"SCMP_ARCH_X32"
	],
	"syscalls": [
		{
			"name": "accept",

## gist:3a8a08520ee9895bc9703114ad9c165e
#include <tunables/global>


profile docker-default flags=(attach_disconnected,mediate_deleted) {

  #include <abstractions/base>


  network,
  capability,

## gist:cfa8bc055ea854610901041ece002ebe
source https://book.hacktricks.xyz/linux-hardening/privilege-escalation/linux-capabilities#capabilities-sets

Each process have 5 different sets of capabilities from the list of all capabilities

    Effective — Capabilities used by the kernel to perform permission checks for the thread.
    So if you perform any privileged task and its capability is not in this set,
    it will throw an "Operation not permitted" error. You can check using EPERM enum.
    Permitted — It is a superset for the effective capabilities that the process may assume.
    If the capability is available in this set, a process transitions it to an effective set and drops it later.
    But once a process has dropped capability from the permitted set, it can not re-aquire

## dns-flag.txt
DIG response header:

Flags:
AA = Authoritative Answer
TC = Truncation
RD = Recursion Desired (set in a query and copied into the response if recursion is supported)
RA = Recursion Available (if set, denotes recursive query support is available)
AD = Authenticated Data (for DNSSEC only; indicates that the data was authenticated)
CD = Checking Disabled (DNSSEC only; disables checking at the receiving server)

## gist:af7c70467a30c17edbfb4e81eee75033
import pprint
import itertools
import netaddr
pp=pprint.PrettyPrinter(indent=4)
salle202=netaddr.IPNetwork("10.202.0.0/16")
salle203=netaddr.IPNetwork("10.203.0.0/16")
print("nombre d'ip en salle 203: {}".format(len([str(ip) for ip in salle203 if int(str(ip).split('.')[2]) <= 20])))
licence=netaddr.cidr_merge([salle202,salle203])[0]
print("print 20 premiers réseaux ip des réseaux des salles licence\n")
print('#'*100)

## titanic.csv

          
            PassengerId
            Survived
            Pclass
            Name
            Sex
            Age
            SibSp
            Parch
            Ticket
            Fare
            Cabin
            Embarked

            
              1
              0
              3
              Braund, Mr. Owen Harris
              male
              22
              1
              0
              A/5 21171
              7.25
              
              S

            
              2
              1
              1
              Cumings, Mrs. John Bradley (Florence Briggs Thayer)
              female
              38
              1
              0
              PC 17599
              71.2833
              C85
              C

            
              3
              1
              3
              Heikkinen, Miss. Laina
              female
              26
              0
              0
              STON/O2. 3101282
              7.925
              
              S

            
              4
              1
              1
              Futrelle, Mrs. Jacques Heath (Lily May Peel)
              female
              35
              1
              0
              113803
              53.1
              C123
              S

            
              5
              0
              3
              Allen, Mr. William Henry
              male
              35
              0
              0
              373450
              8.05
              
              S

            
              6
              0
              3
              Moran, Mr. James
              male
              
              0
              0
              330877
              8.4583
              
              Q

            
              7
              0
              1
              McCarthy, Mr. Timothy J
              male
              54
              0
              0
              17463
              51.8625
              E46
              S

            
              8
              0
              3
              Palsson, Master. Gosta Leonard
              male
              2
              3
              1
              349909
              21.075
              
              S

            
              9
              1
              3
              Johnson, Mrs. Oscar W (Elisabeth Vilhelmina Berg)
              female
              27
              0
              2
              347742
              11.1333
              
              S

## scodoc-locust.py
import random
import resource
from locust import HttpUser, task, between
resource.setrlimit(resource.RLIMIT_NOFILE, (65536, 65536))

class QuickstartUser(HttpUser):
    wait_time = between(5, 9)

    def on_start(self):
        self.login_url="https://192.168.1.114:443"

## gist:a1bee521e4d840182920fe6ada41f9c5
mport random
import resource
from locust import HttpUser, task, between
resource.setrlimit(resource.RLIMIT_NOFILE, (65536, 65536))

class QuickstartUser(HttpUser):
    wait_time = between(5, 9)

    def on_start(self):
        self.login_url="https://192.168.1.114:443"

## create-ephemeral-container-in-pod.sh
kind   load docker-image registry.iutbeziers.fr/debianiut:latest
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
  name: debianpod
spec:
  shareProcessNamespace: true
  containers:
  - image: registry.iutbeziers.fr/debianiut:latest
	Get-NetConnectionProfile \| Set-NetConnectionProfile -NetworkCategory Private
	$Script='https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'
	(New-Object System.Net.WebClient).DownloadFile($Script,'ConfigureRemotingForAnsible.ps1')
	PowerShell -NoProfile -ExecutionPolicy Bypass -Command ./ConfigureRemotingForAnsible.ps1 -SkipNetworkProfileCheck -EnableCredSSP
	Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
	{
	"defaultAction": "SCMP_ACT_ERRNO",
	"architectures": [
	"SCMP_ARCH_X86_64",
	"SCMP_ARCH_X86",
	"SCMP_ARCH_X32"
	],
	"syscalls": [
	{
	"name": "accept",
	#include <tunables/global>


	profile docker-default flags=(attach_disconnected,mediate_deleted) {

	#include <abstractions/base>


	network,
	capability,
	source https://book.hacktricks.xyz/linux-hardening/privilege-escalation/linux-capabilities#capabilities-sets

	Each process have 5 different sets of capabilities from the list of all capabilities

	Effective — Capabilities used by the kernel to perform permission checks for the thread.
	So if you perform any privileged task and its capability is not in this set,
	it will throw an "Operation not permitted" error. You can check using EPERM enum.
	Permitted — It is a superset for the effective capabilities that the process may assume.
	If the capability is available in this set, a process transitions it to an effective set and drops it later.
	But once a process has dropped capability from the permitted set, it can not re-aquire
	DIG response header:

	Flags:
	AA = Authoritative Answer
	TC = Truncation
	RD = Recursion Desired (set in a query and copied into the response if recursion is supported)
	RA = Recursion Available (if set, denotes recursive query support is available)
	AD = Authenticated Data (for DNSSEC only; indicates that the data was authenticated)
	CD = Checking Disabled (DNSSEC only; disables checking at the receiving server)
	import pprint
	import itertools
	import netaddr
	pp=pprint.PrettyPrinter(indent=4)
	salle202=netaddr.IPNetwork("10.202.0.0/16")
	salle203=netaddr.IPNetwork("10.203.0.0/16")
	print("nombre d'ip en salle 203: {}".format(len([str(ip) for ip in salle203 if int(str(ip).split('.')[2]) <= 20])))
	licence=netaddr.cidr_merge([salle202,salle203])[0]
	print("print 20 premiers réseaux ip des réseaux des salles licence\n")
	print('#'*100)
PassengerId	Survived	Pclass	Name	Sex	Age	SibSp	Parch	Ticket	Fare	Cabin	Embarked
1	0	3	Braund, Mr. Owen Harris	male	22	1	0	A/5 21171	7.25		S
2	1	1	Cumings, Mrs. John Bradley (Florence Briggs Thayer)	female	38	1	0	PC 17599	71.2833	C85	C
3	1	3	Heikkinen, Miss. Laina	female	26	0	0	STON/O2. 3101282	7.925		S
4	1	1	Futrelle, Mrs. Jacques Heath (Lily May Peel)	female	35	1	0	113803	53.1	C123	S
5	0	3	Allen, Mr. William Henry	male	35	0	0	373450	8.05		S
6	0	3	Moran, Mr. James	male		0	0	330877	8.4583		Q
7	0	1	McCarthy, Mr. Timothy J	male	54	0	0	17463	51.8625	E46	S
8	0	3	Palsson, Master. Gosta Leonard	male	2	3	1	349909	21.075		S
9	1	3	Johnson, Mrs. Oscar W (Elisabeth Vilhelmina Berg)	female	27	0	2	347742	11.1333		S
	import random
	import resource
	from locust import HttpUser, task, between
	resource.setrlimit(resource.RLIMIT_NOFILE, (65536, 65536))

	class QuickstartUser(HttpUser):
	wait_time = between(5, 9)

	def on_start(self):
	self.login_url="https://192.168.1.114:443"
	mport random
	import resource
	from locust import HttpUser, task, between
	resource.setrlimit(resource.RLIMIT_NOFILE, (65536, 65536))

	class QuickstartUser(HttpUser):
	wait_time = between(5, 9)

	def on_start(self):
	self.login_url="https://192.168.1.114:443"
	kind load docker-image registry.iutbeziers.fr/debianiut:latest
	cat <<EOF \| kubectl create -f -
	apiVersion: v1
	kind: Pod
	metadata:
	name: debianpod
	spec:
	shareProcessNamespace: true
	containers:
	- image: registry.iutbeziers.fr/debianiut:latest