Skip to content

Instantly share code, notes, and snippets.

View dualfade's full-sized avatar
💭
Fart Sound.

dualfade

💭
Fart Sound.
40 followers · 5 following
View GitHub Profile
@dualfade
dualfade / node graphql introspection
Created December 9, 2021 18:56
// ref --
// https://bit.ly/3rRPy2m
// https://github.com/graphql/graphql.github.io/tree/source/src/content/graphql-js
const path = require("path");
const fs = require("fs");
// const fetch = require("node-fetch");
const fetch = (...args) => import('node-fetch').then(({default: fetch}) => fetch(...args));
const {
@dualfade
dualfade / intercept-network-requests.js
Created December 8, 2021 14:34 — forked from benjamingr/intercept-network-requests.js
function interceptNetworkRequests(ee) {
const open = XMLHttpRequest.prototype.open;
const send = XMLHttpRequest.prototype.send;
const isRegularXHR = open.toString().indexOf('native code') !== -1;
// don't hijack if already hijacked - this will mess up with frameworks like Angular with zones
// we work if we load first there which we can.
if (isRegularXHR) {
@dualfade
dualfade / wss injection testing --
Last active October 19, 2021 16:55
#!/usr/bin/env python
# ws_inj_server.py
# @dualfade
# inspired by --
# https://bit.ly/3FCA1I4
"""
Tunnel SocketServer() to websocket() JSON inj--
sqli / nosqli / fuzz --
@dualfade
dualfade / gist:f55ff9ac0aa4adfc31c24f952e8b4e42
Created May 8, 2021 22:45
tar wildcard rev shell --
[2] % gtfo -b tar
_ _ _ __
_| || |_ | | / _|
|_ __ _| __ _| |_| |_ ___
_| || |_ / _` | __| _/ _ \
|_ __ _| | (_| | |_| || (_) |
|_||_| \__, |\__|_| \___/
__/ |
|___/
@dualfade
dualfade / docker ufw --
Last active November 5, 2021 05:38
BlackArch / ArchLinux Latest --
Docker UFW issues --
## This is not working anymore with docker-compose --
## see below --
docker.json update --
% cat /etc/docker/daemon.json
{
"iptables": false
@dualfade
dualfade / neovim-init.vim blackarch --
Last active June 11, 2020 01:55
# spacevim pissing me off --
# moving to neovim-init / blackarch --
# orig --
# https://github.com/Optixal/neovim-init.vim
# refs --
# https://github.com/neoclide/coc.nvim
# https://github.com/VundleVim/Vundle.vim
Note:
@dualfade
dualfade / kubernetes pod injection --
Last active April 26, 2020 05:33
Post request to cluster --
Most articles talked about using "default" as the namespace;
this target needed a very specific namespace to be used because of the token and privileges.
% curl -sk -v -H 'Authorization: Bearer eyJhbHbiOiJSUzI1NiIsImtpZCI6InpR[full_jwt]4bGRe83bt6f_jPs1RXMKt3RnQd5ugveZfw' 'https://poc.somehackeddomain.com:6443/api/v1/namespaces/HACKED_NAMESPACE/pods' -H 'Content-Type: application/json' -d @5h3ll3x.json
yaml pod template --
Convert to json for proper injection --
Obviously you have to have enough privileges to use hostPath --
This particular pen-test aws was breached compromising the kube-system jwt and then the json reverse shell was
@dualfade
dualfade / dot screenrc
Created April 22, 2020 17:11
# GNU Screen - main configuration file
# Allow bold colors - necessary for some reason
attrcolor b ".I"
# Tell screen how to set colors. AB = background, AF=foreground
termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
# Enables use of shift-PgUp and shift-PgDn
termcapinfo xterm|xterms|xs|rxvt ti@:te@
@dualfade
dualfade / termite config --
Created April 12, 2020 15:27
# ~/.config/termite/config
[options]
allow_bold = true
font = Hack Nerd Font 8
icon_name = termite
scrollback_lines = 10000
[colors]
foreground = #c0c5ce
@dualfade
dualfade / Caps --
Last active February 9, 2021 21:24
file with cap_setuid+ep ??
user with perms to make it so == root
Just some notes --
[user@lemur tmp]$ hostname ; id
lemur
uid=1001(user) gid=1001(user) groups=1001(user)
[user@lemur tmp]$ sudo -l
Matching Defaults entries for user on this host: