fix links

2026-01-01 23:39:52 -08:00 · 2025-01-05 11:29:50 +01:00
parent d65983432b
commit 13358c1371
33 changed files with 50 additions and 50 deletions
--- a/src/pentesting-ci-cd/apache-airflow-security/README.md
+++ b/src/pentesting-ci-cd/apache-airflow-security/README.md
@@ -53,7 +53,7 @@ If you have **access to the web console** you might be able to access some or al
 - **Variables** (Custom sensitive information might be stored here)
 - **Connections** (Custom sensitive information might be stored here)
  - Access them in `http://<airflow>/connection/list/`
- [**Configuration**](./#airflow-configuration) (Sensitive information like the **`secret_key`** and passwords might be stored here)
+- [**Configuration**](#airflow-configuration) (Sensitive information like the **`secret_key`** and passwords might be stored here)
 - List **users & roles**
 - **Code of each DAG** (which might contain interesting info)

--- a/src/pentesting-ci-cd/cloudflare-security/README.md
+++ b/src/pentesting-ci-cd/cloudflare-security/README.md
@@ -34,7 +34,7 @@ On each Cloudflare's page:

 - [ ] Check for **sensitive information** in the **`Build log`**.
 - [ ] Check for **sensitive information** in the **Github repository** assigned to the pages.
- [ ] Check for potential github repo compromise via **workflow command injection** or `pull_request_target` compromise. More info in the [**Github Security page**](../github-security/).
+- [ ] Check for potential github repo compromise via **workflow command injection** or `pull_request_target` compromise. More info in the [**Github Security page**](../github-security/index.html).
 - [ ] Check for **vulnerable functions** in the `/fuctions` directory (if any), check the **redirects** in the `_redirects` file (if any) and **misconfigured headers** in the `_headers` file (if any).
 - [ ] Check for **vulnerabilities** in the **web page** via **blackbox** or **whitebox** if you can **access the code**
 - [ ] In the details of each page `/<page_id>/pages/view/blocklist/settings/functions`. Check for **sensitive information** in the **`Environment variables`**.
--- a/src/pentesting-ci-cd/cloudflare-security/cloudflare-domains.md
+++ b/src/pentesting-ci-cd/cloudflare-security/cloudflare-domains.md
@@ -93,7 +93,7 @@ _I couldn't find any option related to security_

 ### **Workers Routes**

-_You should have already checked_ [_cloudflare workers_](./#workers)
+_You should have already checked_ [_cloudflare workers_](#workers)

 ### Rules

--- a/src/pentesting-ci-cd/gitea-security/README.md
+++ b/src/pentesting-ci-cd/gitea-security/README.md
@@ -86,7 +86,7 @@ A user token can be used **instead of a password** to **authenticate** against G

 ### With Oauth Application

-For an introduction about [**Gitea Oauth Applications check the basic information**](./#with-oauth-application).
+For an introduction about [**Gitea Oauth Applications check the basic information**](#with-oauth-application).

 An attacker might create a **malicious Oauth Application** to access privileged data/actions of the users that accepts them probably as part of a phishing campaign.

--- a/src/pentesting-ci-cd/github-security/README.md
+++ b/src/pentesting-ci-cd/github-security/README.md
@@ -51,7 +51,7 @@ Tools (each tool contains its list of regexes):

 ### External Forks

-It's possible to **compromise repos abusing pull requests**. To know if a repo is vulnerable you mostly need to read the Github Actions yaml configs. [**More info about this below**](./#execution-from-a-external-fork).
+It's possible to **compromise repos abusing pull requests**. To know if a repo is vulnerable you mostly need to read the Github Actions yaml configs. [**More info about this below**](#execution-from-a-external-fork).

 ### Github Leaks in deleted/internal forks

@@ -116,7 +116,7 @@ Note that **2FA may be used** so you will only be able to access this informatio
 > [!NOTE]
 > Note that if you **manage to steal the `user_session` cookie** (currently configured with SameSite: Lax) you can **completely impersonate the user** without needing credentials or 2FA.

-Check the section below about [**branch protections bypasses**](./#branch-protection-bypass) in case it's useful.
+Check the section below about [**branch protections bypasses**](#branch-protection-bypass) in case it's useful.

 ### With User SSH Key

--- a/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md
+++ b/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md
@@ -153,7 +153,7 @@ It's possible to check the permissions given to a Github Token in other users re
 > [!NOTE]
 > This would be the easiest way to compromise Github actions, as this case suppose that you have access to **create a new repo in the organization**, or have **write privileges over a repository**.
 >
-> If you are in this scenario you can just check the [Post Exploitation techniques](./#post-exploitation-techniques-from-inside-an-action).
+> If you are in this scenario you can just check the [Post Exploitation techniques](#post-exploitation-techniques-from-inside-an-action).

 ### Execution from Repo Creation

@@ -248,7 +248,7 @@ We have mentioned all the ways an external attacker could manage to make a githu

 ### Untrusted checkout execution

-In the case of **`pull_request`,** the workflow is going to be executed in the **context of the PR** (so it'll execute the **malicious PRs code**), but someone needs to **authorize it first** and it will run with some [limitations](./#pull_request).
+In the case of **`pull_request`,** the workflow is going to be executed in the **context of the PR** (so it'll execute the **malicious PRs code**), but someone needs to **authorize it first** and it will run with some [limitations](#pull_request).

 In case of a workflow using **`pull_request_target` or `workflow_run`** that depends on a workflow that can be triggered from **`pull_request_target` or `pull_request`** the code from the original repo will be executed, so the **attacker cannot control the executed code**.

--- a/src/pentesting-ci-cd/jenkins-security/README.md
+++ b/src/pentesting-ci-cd/jenkins-security/README.md
@@ -105,7 +105,7 @@ If the compromised user has **enough privileges to create/modify a new Jenkins n

 ![](<../../images/image (218).png>)

-You will usually find Jenkins ssh credentials in a **global provider** (`/credentials/`), so you can also dump them as you would dump any other secret. More information in the [**Dumping secrets section**](./#dumping-secrets).
+You will usually find Jenkins ssh credentials in a **global provider** (`/credentials/`), so you can also dump them as you would dump any other secret. More information in the [**Dumping secrets section**](#dumping-secrets).

 ### **RCE in Jenkins**

@@ -163,7 +163,7 @@ The most common triggers to execute a custom pipeline are:

 ### Pipeline RCE

-In the previous RCE section it was already indicated a technique to [**get RCE modifying a pipeline**](./#rce-creating-modifying-pipeline).
+In the previous RCE section it was already indicated a technique to [**get RCE modifying a pipeline**](#rce-creating-modifying-pipeline).

 ### Checking Env variables

@@ -234,7 +234,7 @@ At the end of this page you can **find all the credential types**: [https://www.

 > [!WARNING]
 > The best way to **dump all the secrets at once** is by **compromising** the **Jenkins** machine (running a reverse shell in the **built-in node** for example) and then **leaking** the **master keys** and the **encrypted secrets** and decrypting them offline.\
-> More on how to do this in the [Nodes & Agents section](./#nodes-and-agents) and in the [Post Exploitation section](./#post-exploitation).
+> More on how to do this in the [Nodes & Agents section](#nodes-and-agents) and in the [Post Exploitation section](#post-exploitation).

 ### Triggers