gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-02-04 11:07:37 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/pentesting-cloud/aws-security/aws-privilege-escalation/

Browse Source
This commit is contained in:
Translator
2025-01-04 17:56:27 +00:00
parent d6ced1de8a
commit f842e98fd2
2 changed files with 42 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
hacktricks-preprocessor.py
View File

@@ -1,4 +1,5 @@
import json
import os
import sys
import re
import logging
@@ -26,7 +27,7 @@ def findtitle(search ,obj, key, path=(),):
def ref(matchobj):
logger.debug(f'Match: {matchobj.groups(0)[0].strip()}')
logger.debug(f'Ref match: {matchobj.groups(0)[0].strip()}')
href = matchobj.groups(0)[0].strip()
title = href
if href.startswith("http://") or href.startswith("https://"):
@@ -69,8 +70,39 @@ def ref(matchobj):
return result
def files(matchobj):
logger.debug(f'Files match: {matchobj.groups(0)[0].strip()}')
href = matchobj.groups(0)[0].strip()
title = ""
try:
for root, dirs, files in os.walk(os.getcwd()+'/src/files'):
logger.debug(root)
logger.debug(files)
if href in files:
title = href
logger.debug(f'File search result: {os.path.join(root, href)}')
except Exception as e:
logger.debug(e)
logger.debug(f'Error searching file: {href}')
print(f'Error searching file: {href}')
sys.exit(1)
if title=="":
logger.debug(f'Error searching file: {href}')
print(f'Error searching file: {href}')
sys.exit(1)
template = f"""<a class="content_ref" href="/files/{href}"><span class="content_ref_label">{title}</span></a>"""
result = template
return result
def add_read_time(content):
regex = r'(# .*(?=\n))'
regex = r'(<\/style>\n# .*(?=\n))'
new_content = re.sub(regex, lambda x: x.group(0) + "\n\nReading time: {{ #reading_time }}", content)
return new_content
@@ -104,6 +136,8 @@ if __name__ == '__main__':
current_chapter = chapter
regex = r'{{[\s]*#ref[\s]*}}(?:\n)?([^\\\n]*)(?:\n)?{{[\s]*#endref[\s]*}}'
new_content = re.sub(regex, ref, chapter['content'])
regex = r'{{[\s]*#file[\s]*}}(?:\n)?([^\\\n]*)(?:\n)?{{[\s]*#endfile[\s]*}}'
new_content = re.sub(regex, files, chapter['content'])
new_content = add_read_time(new_content)
chapter['content'] = new_content

10
src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-codestar-privesc/iam-passrole-codestar-createproject.md
View File

@@ -2,9 +2,9 @@
{{#include ../../../../banners/hacktricks-training.md}}
Kwa ruhusa hizi unaweza **kutumia jukumu la codestar IAM** kufanya **vitendo vya kiholela** kupitia **kigezo cha cloudformation**.
Kwa ruhusa hizi unaweza **kutumia codestar IAM Role** kufanya **vitendo vyovyote** kupitia **cloudformation template**.
Ili kutumia hii unahitaji kuunda **S3 bucket inayopatikana** kutoka kwa akaunti iliyoshambuliwa. Pakia faili inayoitwa `toolchain.json`. Faili hii inapaswa kuwa na **kigezo cha cloudformation exploit**. Ifuatayo inaweza kutumika kuweka sera inayosimamiwa kwa mtumiaji chini ya udhibiti wako na **kumpa ruhusa za admin**:
Ili kutumia hii unahitaji kuunda **S3 bucket inayopatikana** kutoka kwa akaunti iliyoshambuliwa. Pakia faili inayoitwa `toolchain.json`. Faili hii inapaswa kuwa na **cloudformation template exploit**. Ifuatayo inaweza kutumika kuweka sera inayosimamiwa kwa mtumiaji chini ya udhibiti wako na **kumpa ruhusa za admin**:
```json:toolchain.json
{
"Resources": {
@@ -30,11 +30,13 @@ Ili kutumia hii unahitaji kuunda **S3 bucket inayopatikana** kutoka kwa akaunti
```
Pia **pakia** faili hili la `empty zip` kwenye **bucket**:
{% file src="../../../../images/empty.zip" %}
{{#file}}
empty.zip
{{#endfile}}
Kumbuka kwamba **bucket yenye faili zote mbili inapaswa kufikiwa na akaunti ya mwathirika**.
Kwa vitu vyote viwili vilivyopakuliwa sasa unaweza kuendelea na **exploitation** kwa kuunda mradi wa **codestar**:
Kwa vitu vyote viwili vilivyopakiwa sasa unaweza kuendelea na **exploitation** kwa kuunda mradi wa **codestar**:
```bash
PROJECT_NAME="supercodestar"