Category Archives: Posts

kubernetes.io web terminal root shell

Recently, I’ve been reading up on containers and kubernetes. I have just discovered this. It just seems like it could be easily abused:

No authentication necessary. You simply click on Launch Terminal and you’ll get a root shell with full internet access.

https://kubernetes.io/docs/tutorials/hello-minikube/

(This is a frame from https://www.katacoda.com/ )

abuseipdb.com – ip list – IP Blacklists

Here is a list of known ‘malicious’ IPs from abuseipdb.com. It is updated daily. It’s in a list/plaintext format that should be easy to integrate.

http://zitstif.com/badips.txt

http://zitstif.no-ip.org/badips.txt

Sha256sum:

http://zitstif.com/badipsHash.txt

http://zitstif.no-ip.org/badipsHash.txt

#Update 11/10/2019

Here are a list of offending IPs that have targeted my honeypot I have setup. This will be updated daily as well:

http://zitstif.com/badIpsHoney.txt

http://zitstif.no-ip.org/badIpsHoney.txt

Sha256sum:

http://zitstif.com/badIpsHoneyHash.txt

http://zitstif.no-ip.org/badIpsHoneyHash.txt

#Update 11/13/2019

Here’s another list of IPs that have offended the WAF I use:

http://zitstif.com/WAFips.txt

http://zitstif.no-ip.org/WAFips.txt

Sha256sum:

http://zitstif.com/WAFipsHash.txt

http://zitstif.no-ip.org/WAFipsHash.txt

#Update 11/20/2019

Here’s a great post that has a bunch of lists that can be used:

https://docs.danami.com/juggernaut/user-guide/ip-block-lists

#Update 11/26/2019

Another great resource:

http://www.covert.io/threat-intelligence/

#Update 11/30/2019

Here’s another list of IPs from abuse.ch:

http://zitstif.com/abuseChlist.txt

http://zitstif.no-ip.org/abuseChlist.txt

Sha256sum:

http://zitstif.com/abuseCHhash.txt

http://zitstif.no-ip.org/abuseCHhash.txt

#Update 12/2/2019

Black Hat Direcory – Wall of shame list:

http://zitstif.com/BlackHatDirlist.txt

http://zitstif.no-ip.org/BlackHatDirlist.txt

Sha256sum:

http://zitstif.com/BlackHatDirhash.txt

http://zitstif.no-ip.org/BlackHatDirhash.txt

#Update 10/25/2020

Scamalytics Ips

http://zitstif.com/scamIps.txt

http://zitstif.no-ip.org/scamIps.txt

Sha256sum:

http://zitstif.com/scamIpshash.txt

http://zitstif.no-ip.org/scamIpshash.txt

#Update 07/17/2022

http://zitstif.com/crowdsecips.txt

http://zitstif.no-ip.org/crowdsecips.txt

Sha256sum:

http://zitstif.com/crowdsecipsHash.txt

http://zitstif.no-ip.org/crowdsecipsHash.txt

#Update 01/25/2023

http://zitstif.com/zitSSH_honey.txt

http://zitstif.no-ip.org/zitSSH_honey.txt

Sha256sum:

http://zitstif.com/zitSSH_honey_hash.txt

http://zitstif.no-ip.org/zitSSH_honey_hash.txt

#Update 3/12/2023

http://zitstif.com/zitSSH_honey2.txt

http://zitstif.no-ip.org/zitSSH_honey2.txt

Sha256sum:

http://zitstif.com/zitSSH_honey_hash2.txt

http://zitstif.no-ip.org/zitSSH_honey_hash2.txt

#Update 5/25/2024

http://zitstif.no-ip.org/Firewallwaf.txt

http://zitstif.com/Firewallwaf.txt

Sha256sum:

http://zitstif.no-ip.org/Firewallwafhash.txt

http://zitstif.com/Firewallwafhash.txt

#Update 6/24/2024

http://zitstif.no-ip.org/zit_shame_list.txt

http://zitstif.com/zit_shame_list.txt

Sha256sum:

http://zitstif.no-ip.org/zit_shame_list_hash.txt

http://zitstif.com/zit_shame_list_hash.txt

 

 

 

Some quick and easy tools for working with segmented networks/VLANs

Network segmentation can be a great tool for security and compliance. VLANing is a great means of achieving this. However, if you have to work on systems that are cut off from one another via this method, VLANs can become a pain. Here are some tools/websites that I use for working around VLANs to get my job done:

  • Portable storage devices, i.e. external hard drives/flash drives – very handy for when you have physical access
  • RMM tools, i.e. screenconnect, teamviewer, gotoassist, logmein, meshcentral, etc.
  • cl1p.net – The internet clipboard
  • Seashells – pipe standard output to this website and get a random link
  • Firefox Send  – You can upload up to 1GB without needing an account
  • Google Drive – May seem silly but when you’re working in a very well locked down networks that do a lot of content filtering, google usually isn’t blocked
  • A public facing personal SSH server
  • An instant messenger where you can message yourself, like Slack 

I hope this quick post helps some others. Feel free to leave comments below.

#Update 3/26/20: Other useful sites include (securely transferring sensitive information):

 

On-premise Exchange 2010 headaches

If you’ve worked in IT and have inherited other systems and networks to manage, you can definitely relate to having to work with situations that are less than ideal. Best practices can’t always be followed due to various reasons. (One main reason seems to be money related.) I am currently working with a client that has on-premise servers that are all bare metal and under-specced. We are in the process gathering information on their current setup and plan to decommission and consolidate their on-premise servers, and push them to use Office 365 instead.

I hope this post helps someone because I was having next to no luck being able to access the Exchange Management Shell. Oddly, the GUI tool worked fine, but I wanted to run powershell scripts to generate reports on the current configuration of the said Exchange server. Clicking on the powershell management shell for Exchange icon would result in:

I troubleshooted all the suggested steps suggested in the error output and everything appeared to check out fine. I then just tried using a standard powershell prompt to try to authenticate to the local exchange powershell, and started getting errors like:

[ExchServer] Connecting to remote server failed with the following error message : The WinRM client received an HTTP status code of 403 from the remote WS-Management service. For more information, see the about_Remote_Troubleshooting Help topic. + CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc eption + FullyQualifiedErrorId : PSSessionOpenFailed

I found it curious that I was starting to get different error messages and felt like I was starting to get closer to being able to authenticate. What ended up working for me was to issue this command:

$session = new-pssession -configurationName Microsoft.Exchange -connectionuri http://change.me.local/PowerShell/ -Authentication Kerberos -credential $credential 

You are then prompted with a gui logon prompt. Make sure to use Domain\UserName in the username field then use the proper password. Lo and behold, no errors were given and it looks like I was authenticated! To import the exchange powershell modules, issue this command:

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010;

Again, I really hope this helps save someone a headache and time. As for the root of what’s causing the powershell management shell for Exchange icon shortcut to fail, I’m not clear. So at this point this is just a workaround.