Update URLs

Jimmy
2025-01-10 16:34:21 +01:00
parent 37bf365f5b
commit 833b571498
35 changed files with 51 additions and 51 deletions

View File

@@ -29,7 +29,7 @@ From a Red Team point of view, the **first step to compromise a GCP environment*
- **Social** Engineering (Check the page [**Workspace Security**](../workspace-security/index.html))
- **Password** reuse (password leaks)
- Vulnerabilities in GCP-Hosted Applications
- [**Server Side Request Forgery**](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf) with access to metadata endpoint
- [**Server Side Request Forgery**](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html) with access to metadata endpoint
- **Local File Read**
- `/home/USERNAME/.config/gcloud/*`
- `C:\Users\USERNAME\.config\gcloud\*`
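Review bot: the replacement URL on the Server Side Request Forgery line changes the path scheme as well as the host (an `/en/` prefix and a `.html` suffix are added), which the commit message "Update URLs" does not mention. Stating the mapping rule in the message would let a reader check the other changed files against it. The hard-coded `/en/` segment also ties this link to the English edition; confirm that is intended.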
@@ -58,7 +58,7 @@ gcp-permissions-for-a-pentest.md
For more information about how to **enumerate GCP metadata** check the following hacktricks page:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#6440
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
### Whoami
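Review bot: the new link in this `{{#ref}}` block drops the old `#6440` fragment and carries no anchor, while other hunks in this commit map the same page to `cloud-ssrf.html#gcp`. The sentence above is specifically about enumerating GCP metadata, so use `#gcp` here too and the reader lands on the GCP section.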
@@ -149,7 +149,7 @@ As pentester/red teamer you should always check if you can find **sensitive info
In this book you should find **information** about how to find **exposed GCP services and how to check them**. About how to find **vulnerabilities in exposed network services** I would recommend you to **search** for the specific **service** in:
{{#ref}}
https://book.hacktricks.xyz/
https://book.hacktricks.wiki/
{{#endref}}
## GCP <--> Workspace Pivoting

View File

@@ -36,7 +36,7 @@ For persistence these are the steps you need to follow:
For more information about dependency confusion check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/dependency-confusion
https://book.hacktricks.wiki/en/pentesting-web/dependency-confusion.html
{{#endref}}
{{#include ../../../banners/hacktricks-training.md}}

View File

@@ -13,7 +13,7 @@ sqlite3 $HOME/.config/gcloud/access_tokens.db "select access_token from access_t
Check in this page how to **directly use this token using gcloud**:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#id-6440-1
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#gcp
{{#endref}}
To get the details to **generate a new access token** run:
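Review bot: the old fragment in this block was `#id-6440-1`, not the `#6440` used elsewhere for this page, so it appears to have pointed at a sub-section, yet it is mapped to the same `#gcp` as the section-level links. The lead-in promises how to directly use the token with gcloud; check that `#gcp` lands on that part, or point at the more specific heading's anchor.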

View File

@@ -27,7 +27,7 @@ Moreover, it's possible to add **userdata**, which is a script that will be **ex
For more info check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
{{#endref}}
## **Abusing IAM permissions**

View File

@@ -91,7 +91,7 @@ curl "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?re
Moreover, **auth token for the attached service account** and **general info** about the instance, network and project is also going to be available from the **metadata endpoint**. For more info check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#6440
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#gcp
{{#endref}}
### Encryption

View File

@@ -17,7 +17,7 @@ If you have **access to a Cloud SQL port** because all internet is permitted or
Check this page for **different tools to burte-force** different database technologies:
{{#ref}}
https://book.hacktricks.xyz/generic-methodologies-and-resources/brute-force
https://book.hacktricks.wiki/en/generic-hacking/brute-force.html
{{#endref}}
Remember that with some privileges it's possible to **list all the database users** via GCP API.
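Review bot: the context line directly above the changed URL still reads "burte-force"; fix it to "brute-force" while touching this block. The path here is also renamed from `generic-methodologies-and-resources/brute-force` to `generic-hacking/brute-force.html` rather than only moved to the new host, so confirm the new target resolves.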

View File

@@ -15,7 +15,7 @@ For more information about Compute and VPC (Networking) check:
If a web is **vulnerable to SSRF** and it's possible to **add the metadata header**, an attacker could abuse it to access the SA OAuth token from the metadata endpoint. For more info about SSRF check:
{{#ref}}
https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/index.html
{{#endref}}
### Vulnerable exposed services