Update URLs

This commit is contained in:
Jimmy
2025-01-10 16:34:21 +01:00
parent 37bf365f5b
commit 833b571498
35 changed files with 51 additions and 51 deletions
+3 -3
View File
@@ -37,7 +37,7 @@ From a Red Team point of view, the **first step to compromise an AWS environment
- **Social** Engineering
- **Password** reuse (password leaks)
- Vulnerabilities in AWS-Hosted Applications
- [**Server Side Request Forgery**](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf) with access to metadata endpoint
- [**Server Side Request Forgery**](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html) with access to metadata endpoint
- **Local File Read**
- `/home/USERNAME/.aws/credentials`
- `C:\Users\USERNAME\.aws\credentials`
@@ -67,7 +67,7 @@ aws-permissions-for-a-pentest.md
If you found a SSRF in a machine inside AWS check this page for tricks:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
### Whoami
@@ -147,7 +147,7 @@ As pentester/red teamer you should always check if you can find **sensitive info
In this book you should find **information** about how to find **exposed AWS services and how to check them**. About how to find **vulnerabilities in exposed network services** I would recommend you to **search** for the specific **service** in:
{{#ref}}
https://book.hacktricks.xyz/
https://book.hacktricks.wiki/
{{#endref}}
## Compromising the Organization
@@ -7,7 +7,7 @@
For info about SAML please check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/saml-attacks
https://book.hacktricks.wiki/en/pentesting-web/saml-attacks/index.html
{{#endref}}
In order to configure an **Identity Federation through SAML** you just need to provide a **name** and the **metadata XML** containing all the SAML configuration (**endpoints**, **certificate** with public key)
@@ -113,7 +113,7 @@ One of the scenarios where this is useful is pivoting from a [Bastion Host](http
aws ssm start-session --target "$INSTANCE_ID"
```
3. Get the Bastion EC2 AWS temporary credentials with the [Abusing SSRF in AWS EC2 environment](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#abusing-ssrf-in-aws-ec2-environment) script
3. Get the Bastion EC2 AWS temporary credentials with the [Abusing SSRF in AWS EC2 environment](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#abusing-ssrf-in-aws-ec2-environment) script
4. Transfer the credentials to your own machine in the `$HOME/.aws/credentials` file as `[bastion-ec2]` profile
5. Log in to EKS as the Bastion EC2:
@@ -51,7 +51,7 @@ aws ecr get-download-url-for-layer \
After downloading the images you should **check them for sensitive info**:
{{#ref}}
https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics
https://book.hacktricks.wiki/en/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.html
{{#endref}}
### `ecr:PutLifecyclePolicy` | `ecr:DeleteRepository` | `ecr-public:DeleteRepository` | `ecr:BatchDeleteImage` | `ecr-public:BatchDeleteImage`
@@ -16,7 +16,7 @@ In ECS an **IAM role can be assigned to the task** running inside the container.
Which means that if you manage to **compromise** an ECS instance you can potentially **obtain the IAM role associated to the ECR and to the EC2 instance**. For more info about how to get those credentials check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
> [!CAUTION]
@@ -194,7 +194,7 @@ aws --profile none-priv lambda update-function-configuration --function-name <fu
For other scripting languages there are other env variables you can use. For more info check the subsections of scripting languages in:
{{#ref}}
https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse
https://book.hacktricks.wiki/en/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/index.html
{{#endref}}
#### RCE via Lambda Layers
@@ -26,7 +26,7 @@ aws --region us-east-1 --profile ad docdb describe-db-cluster-snapshot-attribute
As DocumentDB is a MongoDB compatible database, you can imagine it's also vulnerable to common NoSQL injection attacks:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/nosql-injection
https://book.hacktricks.wiki/en/pentesting-web/nosql-injection.html
{{#endref}}
### DocumentDB
@@ -86,7 +86,7 @@ aws dynamodb describe-endpoints #Dynamodb endpoints
There are ways to access DynamoDB data with **SQL syntax**, therefore, typical **SQL injections are also possible**.
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/sql-injection
https://book.hacktricks.wiki/en/pentesting-web/sql-injection/index.html
{{#endref}}
### NoSQL Injection
@@ -109,7 +109,7 @@ If you can **change the comparison** performed or add new ones, you could retrie
```
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/nosql-injection
https://book.hacktricks.wiki/en/pentesting-web/nosql-injection.html
{{#endref}}
### Raw Json injection
@@ -38,7 +38,7 @@ This extra step is the **creation of an** [_**instance profile**_](https://docs.
AWS EC2 metadata is information about an Amazon Elastic Compute Cloud (EC2) instance that is available to the instance at runtime. This metadata is used to provide information about the instance, such as its instance ID, the availability zone it is running in, the IAM role associated with the instance, and the instance's hostname.
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
### Enumeration
@@ -136,7 +136,7 @@ aws rds modify-db-instance --db-instance-identifier <ID> --master-user-password
There are ways to access DynamoDB data with **SQL syntax**, therefore, typical **SQL injections are also possible**.
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/sql-injection
https://book.hacktricks.wiki/en/pentesting-web/sql-injection/index.html
{{#endref}}
{{#include ../../../banners/hacktricks-training.md}}
@@ -145,7 +145,7 @@ print(response)
For more information about CSV Injections check the page:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/formula-injection
https://book.hacktricks.wiki/en/pentesting-web/formula-csv-doc-latex-ghostscript-injection.html
{{#endref}}
For more information about this specific technique check [https://rhinosecuritylabs.com/aws/cloud-security-csv-injection-aws-cloudtrail/](https://rhinosecuritylabs.com/aws/cloud-security-csv-injection-aws-cloudtrail/)
@@ -17,7 +17,7 @@ It's possible to expose the **any port of the virtual machines to the internet**
#### SSRF
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
### Public AMIs & EBS Snapshots
@@ -39,7 +39,7 @@ aws ec2 describe-snapshots --restorable-by-user-ids all
aws ec2 describe-snapshots --restorable-by-user-ids all | jq '.Snapshots[] | select(.OwnerId == "099720109477")'
```
If you find a snapshot that is restorable by anyone, make sure to check [AWS - EBS Snapshot Dump](https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-post-exploitation/aws-ec2-ebs-ssm-and-vpc-post-exploitation/aws-ebs-snapshot-dump) for directions on downloading and looting the snapshot.
If you find a snapshot that is restorable by anyone, make sure to check [AWS - EBS Snapshot Dump](https://cloud.hacktricks.wiki/en/pentesting-cloud/aws-security/aws-post-exploitation/aws-ec2-ebs-ssm-and-vpc-post-exploitation/index.html#ebs-snapshot-dump) for directions on downloading and looting the snapshot.
#### Public URL template
@@ -18,7 +18,7 @@ From a Red Team point of view, the **first step to compromise an Azure environme
- **Social** Engineering
- **Password** reuse (password leaks)
- Vulnerabilities in Azure-Hosted Applications
- [**Server Side Request Forgery**](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf) with access to metadata endpoint
- [**Server Side Request Forgery**](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html) with access to metadata endpoint
- **Local File Read**
- `/home/USERNAME/.azure`
- `C:\Users\USERNAME\.azure`
@@ -29,7 +29,7 @@ From a Red Team point of view, the **first step to compromise an Azure environme
Use `Disconnect-AzAccount` to remove them.
- 3rd parties **breached**
- **Internal** Employee
- [**Common Phishing**](https://book.hacktricks.xyz/generic-methodologies-and-resources/phishing-methodology) (credentials or Oauth App)
- [**Common Phishing**](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/phishing-methodology/index.html) (credentials or Oauth App)
- [Device Code Authentication Phishing](az-unauthenticated-enum-and-initial-entry/az-device-code-authentication-phishing.md)
- [Azure **Password Spraying**](az-unauthenticated-enum-and-initial-entry/az-password-spraying.md)
@@ -52,7 +52,7 @@ az-unauthenticated-enum-and-initial-entry/
If you found a SSRF in a machine inside Azure check this page for tricks:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
https://book.hacktricks.wiki/en/generic-methodologies-and-resources/phishing-methodology/index.html
{{#endref}}
### Bypass Login Conditions
@@ -9,15 +9,15 @@ Browser **cookies** are a great mechanism to **bypass authentication and MFA**.
You can see where are **browser cookies located** in:
{{#ref}}
https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts?q=browse#google-chrome
https://book.hacktricks.wiki/en/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.html#google-chrome
{{#endref}}
## Attack
The challenging part is that those **cookies are encrypted** for the **user** via the Microsoft Data Protection API (**DPAPI**). This is encrypted using cryptographic [keys tied to the user](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords) the cookies belong to. You can find more information about this in:
The challenging part is that those **cookies are encrypted** for the **user** via the Microsoft Data Protection API (**DPAPI**). This is encrypted using cryptographic [keys tied to the user](https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.html) the cookies belong to. You can find more information about this in:
{{#ref}}
https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords
https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.html
{{#endref}}
With Mimikatz in hand, I am able to **extract a users cookies** even though they are encrypted with this command:
@@ -32,7 +32,7 @@ In any federation setup there are three parties:
**If you want to learn more about SAML authentication and common attacks go to:**
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/saml-attacks
https://book.hacktricks.wiki/en/pentesting-web/saml-attacks/index.html
{{#endref}}
## Pivoting
@@ -56,7 +56,7 @@ https://book.hacktricks.xyz/pentesting-web/saml-attacks
The process where an **Identity Provider (IdP)** produces a **SAMLResponse** to authorize user sign-in is paramount. Depending on the IdP's specific implementation, the **response** might be **signed** or **encrypted** using the **IdP's private key**. This procedure enables the **Service Provider (SP)** to confirm the authenticity of the SAMLResponse, ensuring it was indeed issued by a trusted IdP.
A parallel can be drawn with the [golden ticket attack](https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/golden-ticket), where the key authenticating the users identity and permissions (KRBTGT for golden tickets, token-signing private key for golden SAML) can be manipulated to **forge an authentication object** (TGT or SAMLResponse). This allows impersonation of any user, granting unauthorized access to the SP.
A parallel can be drawn with the [golden ticket attack](https://book.hacktricks.wiki/en/windows-hardening/active-directory-methodology/index.html#golden-ticket), where the key authenticating the users identity and permissions (KRBTGT for golden tickets, token-signing private key for golden SAML) can be manipulated to **forge an authentication object** (TGT or SAMLResponse). This allows impersonation of any user, granting unauthorized access to the SP.
Golden SAMLs offer certain advantages:
@@ -173,7 +173,7 @@ Then go to [https://portal.azure.com](https://portal.azure.com)
#### Steps
1. The **PRT (Primary Refresh Token) is extracted from LSASS** (Local Security Authority Subsystem Service) and stored for subsequent use.
2. The **Session Key is extracted next**. Given that this key is initially issued and then re-encrypted by the local device, it necessitates decryption using a DPAPI masterkey. Detailed information about DPAPI (Data Protection API) can be found in these resources: [HackTricks](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords) and for an understanding of its application, refer to [Pass-the-cookie attack](az-pass-the-cookie.md).
2. The **Session Key is extracted next**. Given that this key is initially issued and then re-encrypted by the local device, it necessitates decryption using a DPAPI masterkey. Detailed information about DPAPI (Data Protection API) can be found in these resources: [HackTricks](https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.html) and for an understanding of its application, refer to [Pass-the-cookie attack](az-pass-the-cookie.md).
3. Post decryption of the Session Key, the **derived key and context for the PRT are obtained**. These are crucial for the **creation of the PRT cookie**. Specifically, the derived key is employed for signing the JWT (JSON Web Token) that constitutes the cookie. A comprehensive explanation of this process has been provided by Dirk-jan, accessible [here](https://dirkjanm.io/digging-further-into-the-primary-refresh-token/).
> [!CAUTION]
@@ -19,7 +19,7 @@ An attacker identifies applications, extensions or images being frequently used
An attacker could get access to the instances and backdoor them:
- Using a traditional **rootkit** for example
- Adding a new **public SSH key** (check [EC2 privesc options](https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-privilege-escalation/aws-ec2-privesc))
- Adding a new **public SSH key** (check [EC2 privesc options](https://cloud.hacktricks.wiki/en/pentesting-cloud/aws-security/aws-privilege-escalation/aws-ec2-privesc.html))
- Backdooring the **User Data**
{{#include ../../../banners/hacktricks-training.md}}
@@ -372,7 +372,7 @@ az vm identity assign \
Then the attacker needs to have **compromised somehow the VM** to steal tokens from the assigned managed identities. Check **more info in**:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#azure-vm
{{#endref}}
### TODO: Microsoft.Compute/virtualMachines/WACloginAsAdmin/action
@@ -67,7 +67,7 @@ The **system assigned** one will be a managed identity that **only the function*
It's possible to use the [**PEASS scripts**](https://github.com/peass-ng/PEASS-ng) to get tokens from the default managed identity from the metadata endpoint. Or you could get them **manually** as explained in:
{% embed url="https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm" %}
{% embed url="https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#azure-vm" %}
Note that you need to find out a way to **check all the Managed Identities a function has attached** as if you don't indicate it, the metadata endpoint will **only use the default one** (check the previous link for more info).
@@ -208,7 +208,7 @@ Moreover, to contact the metadata endpoint, the HTTP request must have the heade
Check how to enumerate it in:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#azure-vm
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#azure-vm
{{#endref}}
## VM Enumeration
@@ -231,7 +231,7 @@ Use [**Storage Explorer**](https://azure.microsoft.com/en-us/features/storage-ex
### Phishing
- [**Common Phishing**](https://book.hacktricks.xyz/generic-methodologies-and-resources/phishing-methodology) (credentials or OAuth App -[Illicit Consent Grant Attack](az-oauth-apps-phishing.md)-)
- [**Common Phishing**](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/phishing-methodology/index.html) (credentials or OAuth App -[Illicit Consent Grant Attack](az-oauth-apps-phishing.md)-)
- [**Device Code Authentication** Phishing](az-device-code-authentication-phishing.md)
### Password Spraying / Brute-Force
@@ -17,7 +17,7 @@ do-basic-information.md
### SSRF
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
### Projects
+3 -3
View File
@@ -29,7 +29,7 @@ From a Red Team point of view, the **first step to compromise a GCP environment*
- **Social** Engineering (Check the page [**Workspace Security**](../workspace-security/index.html))
- **Password** reuse (password leaks)
- Vulnerabilities in GCP-Hosted Applications
- [**Server Side Request Forgery**](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf) with access to metadata endpoint
- [**Server Side Request Forgery**](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html) with access to metadata endpoint
- **Local File Read**
- `/home/USERNAME/.config/gcloud/*`
- `C:\Users\USERNAME\.config\gcloud\*`
@@ -58,7 +58,7 @@ gcp-permissions-for-a-pentest.md
For more information about how to **enumerate GCP metadata** check the following hacktricks page:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#6440
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
### Whoami
@@ -149,7 +149,7 @@ As pentester/red teamer you should always check if you can find **sensitive info
In this book you should find **information** about how to find **exposed GCP services and how to check them**. About how to find **vulnerabilities in exposed network services** I would recommend you to **search** for the specific **service** in:
{{#ref}}
https://book.hacktricks.xyz/
https://book.hacktricks.wiki/
{{#endref}}
## GCP <--> Workspace Pivoting
@@ -36,7 +36,7 @@ For persistence these are the steps you need to follow:
For more information about dependency confusion check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/dependency-confusion
https://book.hacktricks.wiki/en/pentesting-web/dependency-confusion.html
{{#endref}}
{{#include ../../../banners/hacktricks-training.md}}
@@ -13,7 +13,7 @@ sqlite3 $HOME/.config/gcloud/access_tokens.db "select access_token from access_t
Check in this page how to **directly use this token using gcloud**:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#id-6440-1
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#gcp
{{#endref}}
To get the details to **generate a new access token** run:
@@ -27,7 +27,7 @@ Moreover, it's possible to add **userdata**, which is a script that will be **ex
For more info check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
## **Abusing IAM permissions**
@@ -91,7 +91,7 @@ curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?re
Moreover, **auth token for the attached service account** and **general info** about the instance, network and project is also going to be available from the **metadata endpoint**. For more info check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#6440
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#gcp
{{#endref}}
### Encryption
@@ -17,7 +17,7 @@ If you have **access to a Cloud SQL port** because all internet is permitted or
Check this page for **different tools to burte-force** different database technologies:
{{#ref}}
https://book.hacktricks.xyz/generic-methodologies-and-resources/brute-force
https://book.hacktricks.wiki/en/generic-hacking/brute-force.html
{{#endref}}
Remember that with some privileges it's possible to **list all the database users** via GCP API.
@@ -15,7 +15,7 @@ For more information about Compute and VPC (Networking) check:
If a web is **vulnerable to SSRF** and it's possible to **add the metadata header**, an attacker could abuse it to access the SA OAuth token from the metadata endpoint. For more info about SSRF check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/index.html
{{#endref}}
### Vulnerable exposed services
@@ -28,7 +28,7 @@ ibm-basic-information.md
Learn how you can access the medata endpoint of IBM in the following page:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#2af0
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#ibm-cloud
{{#endref}}
## References
@@ -13,13 +13,13 @@
In order to try to escape from the pods you might need to **escalate privileges** first, some techniques to do it:
{{#ref}}
https://book.hacktricks.xyz/linux-hardening/privilege-escalation
https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html
{{#endref}}
You can check this **docker breakouts to try to escape** from a pod you have compromised:
{{#ref}}
https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout
https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/index.html
{{#endref}}
### Abusing Kubernetes Privileges
@@ -5,7 +5,7 @@
## Generic Phishing Methodology
{{#ref}}
https://book.hacktricks.xyz/generic-methodologies-and-resources/phishing-methodology
https://book.hacktricks.wiki/en/generic-methodologies-and-resources/phishing-methodology/index.html
{{#endref}}
## Google Groups Phishing
@@ -59,7 +59,7 @@ The with some code like the following an attacker could make the script load arb
```javascript
function doGet() {
return HtmlService.createHtmlOutput(
'<meta http-equiv="refresh" content="0;url=https://cloud.hacktricks.xyz/pentesting-cloud/workspace-security/gws-google-platforms-phishing#app-scripts-redirect-phishing">'
'<meta http-equiv="refresh" content="0;url=https://cloud.hacktricks.wiki/en/pentesting-cloud/workspace-security/gws-google-platforms-phishing/index.html#app-scripts-redirect-phishing">'
).setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL)
}
```