From 3a5e1461157efcbb545c6218df7616b4c229d60a Mon Sep 17 00:00:00 2001
From: CPol
Date: Sat, 10 Feb 2024 17:19:32 +0000
Subject: [PATCH] GITBOOK-568: change request with no subject merged in GitBook
---
 .../aws-pentesting/aws-persistence/README.md | 1 -
 .../aws-post-exploitation/README.md | 29 -------------
 .../aws-privilege-escalation/README.md | 43 ++-----------------
 .../aws-security/aws-services/README.md | 31 ++-----------
 .../azure-security/az-services/README.md | 14 ++----
 5 files changed, 9 insertions(+), 109 deletions(-)
diff --git a/pentesting-cloud/aws-pentesting/aws-persistence/README.md b/pentesting-cloud/aws-pentesting/aws-persistence/README.md
index 68f49fb58f..901051f090 100644
--- a/pentesting-cloud/aws-pentesting/aws-persistence/README.md
+++ b/pentesting-cloud/aws-pentesting/aws-persistence/README.md
@@ -1,3 +1,2 @@
 # AWS - Persistence
-PAGE TODO. Get some relevant info from [https://github.com/SummitRoute/aws\_exposable\_resources](https://github.com/SummitRoute/aws\_exposable\_resources)
diff --git a/pentesting-cloud/aws-pentesting/aws-post-exploitation/README.md b/pentesting-cloud/aws-pentesting/aws-post-exploitation/README.md
index 468a1188d8..092b723de6 100644
--- a/pentesting-cloud/aws-pentesting/aws-post-exploitation/README.md
+++ b/pentesting-cloud/aws-pentesting/aws-post-exploitation/README.md
@@ -1,31 +1,2 @@
 # AWS - Post Exploitation
-
-
-Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-
-
-
-
-
-
-Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
-
-Other ways to support HackTricks:
-
-* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
-* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
-* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
-* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-
-
diff --git a/pentesting-cloud/aws-security/aws-privilege-escalation/README.md b/pentesting-cloud/aws-security/aws-privilege-escalation/README.md
index b5b644ca0b..f56a1ec125 100644
--- a/pentesting-cloud/aws-security/aws-privilege-escalation/README.md
+++ b/pentesting-cloud/aws-security/aws-privilege-escalation/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
@@ -27,50 +27,13 @@ If an IAM policy has `"Effect": "Allow"` and `"NotAction": "Someaction"` indicat
 So remember that this is another way to **grant privileged permissions** to a principal.
 {% endhint %}
-You can find all the **privesc paths divided by services**:
-
-* [**Apigateway Privesc**](aws-apigateway-privesc.md)
-* [**Codebuild Privesc**](aws-codebuild-privesc.md)
-* [**Codepipeline Privesc**](aws-codepipeline-privesc.md)
-* [**Codestar Privesc**](aws-codestar-privesc/)
-* [**Cloudformation Privesc**](aws-cloudformation-privesc/)
-* [**Cognito Privesc**](aws-cognito-privesc.md)
-* [**Datapipeline Privesc**](aws-datapipeline-privesc.md)
-* [**DynamoDB Privesc**](aws-dynamodb-privesc.md)
-* [**EBS Privesc**](aws-ebs-privesc.md)
-* [**EC2 Privesc**](aws-ec2-privesc.md)
-* [**ECR Privesc**](aws-ecr-privesc.md)
-* [**ECS Privesc**](aws-ecs-privesc.md)
-* [**EFS Privesc**](aws-efs-privesc.md)
-* [**EMR Privesc**](aws-emr-privesc.md)
-* [**Glue Privesc**](aws-glue-privesc.md)
-* [**IAM Privesc**](aws-iam-privesc.md)
-* [**KMS Privesc**](aws-kms-privesc.md)
-* [**Lambda Privesc**](../../aws-pentesting/aws-privilege-escalation/aws-lambda-privesc.md)
-* [**Lightsail Privesc**](aws-lightsail-privesc.md)
-* [**MQ Privesc**](aws-mq-privesc.md)
-* [**MSK Privesc**](aws-msk-privesc.md)
-* [**RDS Privesc**](aws-rds-privesc.md)
-* [**Redshift Privesc**](aws-redshift-privesc.md)
-* [**S3 Privesc**](aws-s3-privesc.md)
-* [**Sagemaker Privesc**](aws-sagemaker-privesc.md)
-* [**Secrets Privesc**](aws-secrets-manager-privesc.md)
-* [**SSM Privesc**](aws-ssm-privesc.md)
-* [**STS Privesc**](aws-sts-privesc.md)
-* [**Misc (Other Techniques) Privesc**](broken-reference)
+**The pages of this section are ordered by AWS service.
In there you will be able to find permissions that will allow you to escalate privileges.**
 ## Tools
 * [https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/aws\_escalate.py](https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/aws-pentest-tools/aws\_escalate.py)
 * [Pacu](https://github.com/RhinoSecurityLabs/pacu)
-## References
-
-* [https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation-part-2/](https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation-part-2/)
-* [https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/](https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/)
-* [https://bishopfox.com/blog/privilege-escalation-in-aws](https://bishopfox.com/blog/privilege-escalation-in-aws)
-* [https://hackingthe.cloud/aws/exploitation/local-priv-esc-user-data-s3/](https://hackingthe.cloud/aws/exploitation/local-priv-esc-user-data-s3/)
-
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
@@ -80,7 +43,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
diff --git a/pentesting-cloud/aws-security/aws-services/README.md b/pentesting-cloud/aws-security/aws-services/README.md
index 0b821f624e..aa1e246535 100644
--- a/pentesting-cloud/aws-security/aws-services/README.md
+++ b/pentesting-cloud/aws-security/aws-services/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
@@ -38,32 +38,7 @@ Services that fall under container services have the following characteristics:
 ## Services Enumeration
-AWS offers hundreds of different services, here you can find how to **enumerate some of them**, and also **post-exploitation, persistence and detection evasion tricks:**
-
-* [**Security & Detection services**](aws-security-and-detection-services/)
-* [**Databases**](broken-reference)
-* [**API Gateway Enum**](aws-api-gateway-enum.md)
-* [**CloudFormation & Codestar**](aws-cloudformation-and-codestar-enum.md)
-* [**CloudHSM**](aws-cloudhsm-enum.md)
-* [**CloudFront**](aws-cloudfront-enum.md)
-* [**Cognito**](aws-cognito-enum/)
-* [**DataPipeline, CodePipeline & CodeBuild & CodeCommit**](aws-datapipeline-codepipeline-codebuild-and-codecommit.md)
-* [**EC2, EBS, SSM, VPC & VPN**](aws-ec2-ebs-elb-ssm-vpc-and-vpn-enum/)
-* [**ECS, ECR & EKS**](aws-eks-enum.md)
-* [**EMR**](aws-emr-enum.md)
-* [**EFS**](aws-efs-enum.md)
-* [**Kinesis Data Firehouse**](../../aws-pentesting/aws-services/aws-kinesis-data-firehose-enum.md)
-* [**IAM & STS**](aws-iam-enum.md)
-* [**KMS**](aws-kms-enum.md)
-* [**Lambda**](aws-lambda-enum.md)
-* [**Lightsail**](aws-lightsail-enum.md)
-* [**MQ**](aws-mq-enum.md)
-* [**MSK**](aws-msk-enum.md)
-* [**Route53**](aws-route53-enum.md)
-* [**Secrets Manager**](aws-secrets-manager-enum.md)
-* [**SQS & SNS**](aws-sqs-and-sns-enum.md)
-* [**S3, Athena & Glacier Enum**](../../aws-pentesting/aws-services/aws-s3-athena-and-glacier-enum.md)
-* [**Other Services Enum**](broken-reference/)
+**The pages of this section are ordered by AWS service. In there you will be able to find information about the service (how it works and capabilities) and that will allow you to escalate privileges.**
@@ -74,7 +49,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
diff --git a/pentesting-cloud/azure-security/az-services/README.md b/pentesting-cloud/azure-security/az-services/README.md
index c1d7174e63..9f26d065c9 100644
--- a/pentesting-cloud/azure-security/az-services/README.md
+++ b/pentesting-cloud/azure-security/az-services/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
@@ -80,15 +80,7 @@ def main(req: func.HttpRequest) -> func.HttpResponse:
 ## List of Services
-* [**Azure AD**](../az-azuread/)
-* [**Application Proxy**](az-application-proxy.md)
-* [**Arm Templates / Deployments**](az-arm-templates.md)
-* [**Automation Account**](az-automation-account/)
-* [**App Service & Function Apps**](az-azure-app-service.md)
-* [**Blob Storage**](az-blob-storage.md)
-* [**Intune**](../intune.md)
-* [**Keyvault**](../keyvault.md)
-* [**Virtual Machines**](vms/)
+**The pages of this section are ordered by Azure service. In there you will be able to find information about the service (how it works and capabilities) and also how to enumerate each service.**
@@ -99,7 +91,7 @@ Other ways to support HackTricks:
 * If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 * Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 * Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 * **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.