Pular para o conteúdo principal

Find out which application is grabbing a linux shortcut

· Leitura de um minuto

Step 1 - Find key modifier names

xmodmap -pm

Step 2 - Execute in a terminal

xdotool keydown "Control_L+Shift_L+P"; xdotool key "XF86LogGrabInfo"; xdotool keyup "P"; sleep 1; xdotool keyup "Shift_L"; xdotool keyup "Control_L"; tail /var/log/Xorg.0.log

kubeconfig file template

· Leitura de um minuto
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <ca.crt>
    server: https://<ip>:<port>
  name: <cluster name>
contexts:
- context:
    cluster:  <cluster name>
    user:  <sa name>
    namespace: <default namespace>
  name:  <cluster name>
current-context:  <cluster name>
kind: Config
preferences: {}
users:
- name:  <sa user name>
  user:
    token: <sa secret token>

Kube dns from desktop via port forward

· Leitura de 3 minutos

This is a copy, please use the original article

Original: kubiosec

  1. Setup port-forwarding

First, we need to create a port-forwarding tunnel. kubectl port-forward currenlty does not support UDP, only TCP. We need to keep this in mind, since DNS uses UDP by default.

sudo kubectl port-forward svc/kube-dns -n kube-system 53:53 &

  1. Using NSLOOKUP

NSLOOKUP requires to set some sort of configuration. First we configure NSLOOKUP to use TCP with the set vc option. Secondly we point NSLOOKUP to use localhost as the new DNS server.

$ nslookup
> set vc
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> set debug
> set q=A

> www.radarhack.com
Server:        127.0.0.1
Address:    127.0.0.1#53

------------
    QUESTIONS:
    www.radarhack.com, type = A, class = IN
    ANSWERS:
    ->  www.radarhack.com
    internet address = 198.199.124.250
    ttl = 30
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name:    www.radarhack.com
Address: 198.199.124.250

> www.default.svc.cluster.local
Server:        127.0.0.1
Address:    127.0.0.1#53

------------
    QUESTIONS:
    www.default.svc.cluster.local, type = A, class = IN
    ANSWERS:
    ->  www.default.svc.cluster.local
    internet address = 10.105.12.40
    ttl = 30
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Name:    www.default.svc.cluster.local
Address: 10.105.12.40
  1. Using DIG
$ dig +tcp @127.0.0.1 www.kubiosec.io

; <<>> DiG 9.10.6 <<>> +tcp @127.0.0.1 www.kubiosec.io
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60803
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.kubiosec.io.        IN    A

;; ANSWER SECTION:
www.kubiosec.io.    30    IN    A    162.159.153.4

;; Query time: 84 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 26 18:58:14 CET 2022
;; MSG SIZE  rcvd: 75

dig +tcp @127.0.0.1 kubernetes.default.svc.cluster.local

; <<>> DiG 9.10.6 <<>> +tcp @127.0.0.1 kubernetes.default.svc.cluster.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28465
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kubernetes.default.svc.cluster.local. IN A

;; ANSWER SECTION:
kubernetes.default.svc.cluster.local. 30 IN A    10.96.0.1

;; Query time: 13 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 26 18:59:06 CET 2022
;; MSG SIZE  rcvd: 117
  1. Service enumeration

kube-dns also support the SRV record. This record allows you to discover the services a.k.a. ports of specific services. It is also a great hacking trick to list all services in kubernetes, just by using DNS.

$ dig +tcp @127.0.0.1 kubernetes.default.svc.cluster.local

; <<>> DiG 9.10.6 <<>> +tcp @127.0.0.1 kubernetes.default.svc.cluster.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28465
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kubernetes.default.svc.cluster.local. IN A

;; ANSWER SECTION:
kubernetes.default.svc.cluster.local. 30 IN A    10.96.0.1

;; Query time: 13 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 26 18:59:06 CET 2022
;; MSG SIZE  rcvd: 117

$ dig +noall +answer +tcp @127.0.0.1 srv any.any.svc.cluster.local
any.any.svc.cluster.local. 30    IN    SRV    0 12 80 www.default.svc.cluster.local.
any.any.svc.cluster.local. 30    IN    SRV    0 12 443 kubernetes.default.svc.cluster.local.
any.any.svc.cluster.local. 30    IN    SRV    0 12 53 kube-dns.kube-system.svc.cluster.local.
any.any.svc.cluster.local. 30    IN    SRV    0 12 9153 kube-dns.kube-system.svc.cluster.local.

Reset pacman mirror pool

· Leitura de um minuto
sudo rm /var/lib/pacman/sync/*.sig
sudo pacman-mirrors -c all
sudo pacman -Syy

Docker netstat

· Leitura de um minuto
PID=`docker inspect -f '{{.State.Pid}}' <CONTAINER SHA|ID>`

nsenter -t $PID -n netstat -plant

inline:

nsenter -t $(docker inspect -f '{{.State.Pid}}' <CONTAINER SHA|ID>) -n netstat -plant