2024-07-21
K8S Security


2024-05-29
Strange Behavior Within Docker Containers

The default working directory after starting the parrotsec container is the filesystem root, where msfconsole cannot be run. Change to the home directory with cd and run Metasploit from there.

docker run --rm -it -w /root parrotsec/security


Symlinked files do not work properly right from the start. Take msfconsole as an example: when running a container from the parrotsec/security image, it gets stuck if msfconsole is executed immediately after logging in, but the problem can be avoided by first changing into the directory where msfconsole really lives and executing it from there.

docker run --rm -it parrotsec/security
# this will get stuck
msfconsole
# note: the following will also get stuck
/usr/share/metasploit-framework/msfconsole
# instead, first change directory
cd /usr/share/metasploit-framework
# then invoke the binary
./msfconsole


2022-11-29
Discovering Zero-Day Exploits And Vulnerabilities In School Management Systems

0day exploit finder recon

school backend (admin panel) vulnerabilities

edusrc 0day

bluecms 0day


2022-11-04
Adb Wifi Always On

adb over wifi always on

warning: this can be dangerous, since ADB connections over the network appear to require no password at all. Consider protecting the port behind some kind of proxy.

turning on:

setprop service.adb.tcp.port 5555
stop adbd
start adbd

turning off:

setprop service.adb.tcp.port -1
stop adbd
start adbd

put the scripts under /data/adb/services.d/ and make them executable

mount -o remount,rw /
# then you can modify /system/etc/init.d, but not /system/bin, because it is a copy of /data/system/bin. create the script there instead.

create this under /system/etc/init.d/

service adb_wifi_enable /system/bin/adb_wifi_enable.sh
    disabled
    oneshot
    seclabel u:r:magisk:s0

on property:sys.boot_completed=1
    start adb_wifi_enable


2022-10-14
Mitmchat

compute sentence relatedness; compute the likelihood of the next sentence (predict next sentence probability)

bing search entries

next sentence prediction using bert

github topic: next sentence prediction

grammar checker, sentence corrector

languagetool: rule-based grammar error checker repo

chatterbot retrain issue

train chatterbot with the recent knowledge

sql schema:

end_of_list   content
false         some text content
false         some text content
true          2022-01-03

additional notes about delivery efficiency

Messages also cannot be sent in a group that is being flooded, so it cannot be ensured that the target actually received the message.

Yukio 12:46:35

There's a problem with the mitm today

Yukio 12:46:43

The two people being mitm'd

Yukio 12:46:48

neither of them can block me

Yukio 12:46:53

otherwise the mitm stops working

Yukio 12:47:22

But right now I don't know how to check whether someone has blocked me

Yukio 12:47:28

Maybe I'll find out later

Yukio 12:49:17

I can retrieve the group's mute status

mitmchat with video and text: how do we get the embeddings?

Yukio 18:40:25

Definition of mitmchat

Yukio 18:41:31

Within the same time window, take two people who are discussing the same topic but don't know each other, relay messages between them for a while, then disconnect

Yukio 18:42:28

Definition of multiple mitmchats

Yukio 18:43:26

With multiple mitms, all of the mitm'd parties

Yukio 18:43:33

must not know each other

Yukio 18:43:56

That is, no pair of them knows each other, and no pair is in the same group

Yukio 18:44:40

delayed mitmchat

Yukio 18:45:08

That is, a and b are not in the same time window

Yukio 18:45:22

Based on b's current content

Yukio 18:45:29

reply to a's earlier content

Yukio 18:47:46

All mitmchats

Yukio 18:47:57

are premised on a and b not knowing each other

Yukio 18:49:01

and not being the same person

Yukio 18:55:51

So there are two kinds

Yukio 18:56:00

Yukio 18:56:12

instant mitm and delayed mitm

Yukio 18:56:37

Delayed means the message can't be relayed back

Yukio 18:57:10

It can only go back to the bot, and a bot without a feedback mechanism won't seem human

Yukio 19:08:40

For images like this, how do we embed them? The images need to go through CLIP

Yukio 19:13:06

Start and end times are determined

Yukio 19:15:01

If the CLIP model can't be deployed locally, we'd have to use reverse image search to get keywords for the image

Yukio 19:16:18

Reverse image lookup, then BM25 and TextRank

Yukio 19:16:34

to determine whether they're discussing the same topic


2022-09-25
Generate Publickey Again With Rsa Private Key

Not possible (the same private key always yields the same public key). Use a personal access token as the password instead.

The reason: deploy keys do not allow the same public key to be registered twice, which causes trouble for our git repo sync tool.

PRIVATE_KEY_PATH=/Users/jamesbrown/.notable/id_rsa_original_backup
PUBKEY_PATH=/Users/jamesbrown/.notable/id_rsa.pub2
ssh-keygen -y -f $PRIVATE_KEY_PATH > $PUBKEY_PATH


2022-08-18
A Good/Bad Proposal On V2Ray

clash has a relay config option which functions like proxychains.

Suggestion: run multiple v2ray clients/servers that talk to each other but reach the network through one single outbound, perhaps like the onion router.


2022-08-04
Reverse Proxy Free Frp Providers, Remote Code Editing, Remote Development

If you install p2p server nodes on the primary server (with a hard-to-crack password and proper configs (no brute-forcing)?), you might want to add that (n2n) server node at home as well.

p2p network

nps also supports p2p

(deprecated! does not pass the connectivity test) opengnb p2p network, faster than n2n v3, can run without public ip

gost as an frp alternative

It turned out that n2n is necessary, since the speed comparison strongly discourages using frp directly.

n2n test commands, using compatible v3 protocol to communicate:

supernode v3: n2n.laiyx.win:10090

warning: it is useless to add multiple supernodes.

-l nton.eu.org:10090 -l n2n.lu8.win:10090 -l n2n.haoren.eu.org:10090 -l supernode.ntop.org:7777 -l 47.102.102.77:10090 -l n2n.myan.cc:10090 -l n2n.sfcs.eu.org:10090 -l n2n.eriol.cn:10090 -l n2n.x0x.cn:10090 -l n2n.vvcd.win:10090

kali:

sudo edge -c <name> -k <password> -a 192.168.100.1 -f -l n2n.laiyx.win:10090 -Er -A3 -e auto

macos; since sudo is required, you might consider running it as a system service:

sudo edge -c <name> -k <password> -a 192.168.100.2 -f -l n2n.laiyx.win:10090 -Er -A3 -e auto

public shared n2n supernodes

you could test the speed and decide to use it or not.

in the kali discovery service, when a local connection is not available, the p2p network is usually preferred over direct frp tunneling.

brew has tinc as a package!

tinc conf

tinc setup with core server

remote access with vps using tinc

install and config tinc on linux

tinc is somewhat complex and may require some tinkering with tinc-up, or using docker.

install n2n without macports

use n2n to send UDP packets among clients and try to create a direct link between devices, which will speed up ssh connections. supernode creation could be used along with frpc

somehow brew does not have n2n as a package. macports has it, which requires xcode (huge!) to be installed.

peervpn tutorial

daemonize (launch at startup)

on macos, when crontab is created, cron will be automatically launched by launchd.

cronjobs may need to launch with the $(which env) prefix.

an internet disconnection will most likely not interfere with the server, since frpc has auto reconnection and the update hook is the filesystem watchdog, which does not run when no changes are made (including during the offline period)

the watchdog may be replaced by some mirror fuse system, which will report every access request to our dedicated server.

we have seen this behavior (filesystem mirroring) in our gitfuse code. but does that support symlinks? should we really care about that? or should we forget it and just use inotify instead?

maybe it will affect the client when mounting the remote filesystem using sshfs or rclone, but that has to be verified.

serve and mount remote filesystem

before serving, make sure the path /media/root/help/pyjom exists by running our mount script

create htpasswd file:

htpasswd -bc webdav_htpasswd <username> <password>

use rclone:

rclone serve webdav /media/root/help/pyjom --addr 0.0.0.0:8468 --key /root/.local/share/code-server/localhost.key --cert /root/.local/share/code-server/localhost.crt --htpasswd /root/Desktop/works/sync_git_repos/remote_deploys/webdav_htpasswd -L

before mounting, use rclone config to set up a remote associated with a name. make sure the hostname is localhost instead of an ip address to avoid certificate issues. do not install rclone from brew since it does not support fuse; instead, install it from here

rclone mount webdav_local_nginx:/ /Volume/CaseSensitive/pyjom_remote_mountpoint --ca-cert /Users/jamesbrown/Desktop/works/host_discovery_ssh_local_connect/certificates/localhost.crt

after mounting, it seems zsh on macos does not work very well with macfuse. bash works. do bash/fish work with sshfs as well? maybe that will save some effort.

encryption and invalid HTTPS certificates

use nginx to make the remote server appear as localhost, since the host name on the certificate is localhost and we cannot make chrome trust anything other than that

worker_processes auto;
error_log error.log;
events { }
stream {
    server {
        listen 127.0.0.1:7576;
        proxy_pass REMOTE_HOST:7576;
    }
}

code-server(browser) color fixes

.cursor {
    background: white;
}
body.web {
    caret-color: white;
}
.monaco-editor .view-line span.inline-selected-text {
    background: blue;
    color: white;
}

connectors other than frp

code-server recommends some other methods like cloudflared and ngrok. 花生壳 (Oray Peanut Shell) might also be useful, but may not work well.

methods

try out code-server by coder, might work?

also we use builtin vscode connectors, using ssh.

currently we only have one, which uses direct ip address instead of a hijacked domain. maybe it is time to consider some faster server providers.

use a universal ssh as workspace extension called SSH FS

drawbacks of SSH FS extension

some drawbacks of this SSH FS plugin: it cannot use the plugins from the remote machine, and it has issues when jumping to remote files from terminal output. to run code-insider instead of code-oss, maybe we could spin up the official ssh connector, which can only be automated via public-key authentication.

syncing, updating and viewing using watchdog and sshfs (deprecated since it shares the connection with vscode remote and may be slower than rclone serve webdav?)

to mount the filesystem via sshfs:

sshfs root@192.168.10.4:/media/root/help/pyjom /Volumes/CaseSensitive/pyjom_remote_mountpoint -o follow_symlinks

to make sure changes are updated regularly, we need a filesystem watchdog on kali, which triggers the sync action using inotify. should that be adopted on macos? maybe. my extra editors are vim or nvim, so it is not so hard to predict. but if it can monitor file read events, we don't need those legacy editor program hooks.

at least we need to see the output, so we need to mount the remote filesystem as sshfs, then use ffplay to view it.

solution

for now, two viable ways:

one uses code-server, the other uses the code-server-insider provided by code-insider. when using the builtin code-server-insider, remember it will not share the plugins installed by code-insider. the remote executable is located at /root/.vscode-server-insiders/bin/12b08be500f8a307f30e92cbc3ee39ba115eab69/bin/code-server-insider or similar. the local setting remote.SSH.useLocalServer must be set to false.

when using code-server, one can connect to the workspace using browser, instead of vscode builtin remote connector.


2022-07-25
免流帮 (Free-Data Helper): Getting Online With a Suspended SIM Card, Staying Online

Collect other people's accounts and log in with them

Kali is responsible for collecting network accounts, then exposes an encrypted auth interface on a web page, preferably something RSA-encrypted, with a time delay against brute-forcing; after passing verification one obtains the username and password, and can also call the corresponding interfaces to occupy or release an account. Of course you could also just put up a static page that nobody can crack, but then you would have to try the entries one by one when accessing, which is also more secure.

free-data SIM card

WeChat mini-program: 免流帮 (Free-Data Helper)

QQ group: 857969390

search GitHub

Campus networks can also be logged into without authentication


2022-05-28
IM MITM: Chat Software MITM

IM MITM (chat software MITM)

better do this in a virtual environment without using any real-world platform, just your own IM environment like a self-hosted IRC or something.

is there any existing solution like telegram-mitm or twitter mitm?

lua twitter automation, found on luarocks:

https://github.com/leafo/lua-twitter

scraper of tumblr, pinterest, youtube, reddit using api:

https://github.com/ScriptSmith/socialreaper

youtube search and youtube comment scraper

https://github.com/alexmercerind/youtube-search-python

https://github.com/egbertbouman/youtube-comment-downloader

youtube, youtube transcribe and youtube music api

https://github.com/srcecde/python-youtube-api

https://github.com/sigma67/ytmusicapi

https://github.com/jdepoix/youtube-transcript-api

https://github.com/youtube/api-samples

reddit scraper and analyzer

https://github.com/casperbh96/Web-Scraping-Reddit

https://github.com/umitkaanusta/reddit-detective

reddit api

https://github.com/praw-dev/praw

tumblr api

https://github.com/tumblr/pytumblr

tumblr scraper

https://github.com/henan715/tumblrScrapy

discord bot api:

https://github.com/discordjs/discord.js

twitter api

https://github.com/python-twitter-tools/twitter

twitter scraper

https://github.com/bisguzar/twitter-scraper

facebook api:

https://github.com/Schmavery/facebook-chat-api

facebook scraper:

https://github.com/kevinzg/facebook-scraper

instagram api:

https://github.com/facebookarchive/python-instagram

instagram scraper:

https://github.com/huaying/instagram-crawler

topic analysis among recent frequent conversations

procedures:

1. add two friends (active) and bridge them

2. intercept them, filter insecure data like screenshots, identities and explicit contents, and analyze needs (probably with your generated response)?

3. send intentional ads and fix the conversation in three sentences.
