gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-02-04 19:11:41 -08:00
Code Issues Packages Projects Releases Wiki Activity
712 Commits 22 Branches 17 Tags
8c472fbf017fafb32fa9d99d2a45277b3a1f3bea
Commit Graph

421 Commits

Author SHA1 Message Date
SirBroccoli
6a11053885 Remove CVE-2024-28080 details from documentation 
Removed detailed explanation of CVE-2024-28080, including summary, root cause, exploitation steps, impact, detection ideas, and mitigations.
 2025-08-31 10:11:39 +02:00
SirBroccoli
fd19dc2304 Update aws-ecs-privesc.md 2025-08-31 10:06:24 +02:00
Fake1Sback
599d45c50a Added a separate section about the ecs run-task privesc method, since it was only briefly mentioned in the iam:PassRole, (ecs:UpdateService|ecs:CreateService) section 2025-08-30 18:52:59 +03:00
HackTricks News Bot
5b2a228050 Add content from: Gitblit CVE-2024-28080: SSH public‑key fallback to password ... 
- Remove searchindex.js (auto-generated file)
 2025-08-29 18:31:33 +00:00
carlospolop
c09016a56f Merge branch 'master' of github.com:HackTricks-wiki/hacktricks-cloud 2025-08-29 11:47:04 +02:00
carlospolop
77b76bfb00 a 2025-08-29 11:45:00 +02:00
carlospolop
3883d1a74e clean 2025-08-29 11:42:28 +02:00
carlospolop
d761716a28 f 2025-08-28 19:51:53 +02:00
carlospolop
d05d94d995 f 2025-08-25 23:20:13 +02:00
carlospolop
15ff9a7d1c f 2025-08-24 13:22:10 +02:00
SirBroccoli
33ca677b86 Update README.md 2025-08-21 02:19:10 +02:00
SirBroccoli
07a16af4ec Update README.md 2025-08-21 02:12:04 +02:00
SirBroccoli
d7c57cba6e Update accessible-deleted-data-in-github.md 2025-08-21 02:05:51 +02:00
SirBroccoli
236a8a2cec Update README.md 2025-08-21 01:59:20 +02:00
SirBroccoli
f3fd4b9294 Update README.md 2025-08-21 01:56:10 +02:00
HackTricks News Bot
f171d1a97d Add content from: How we exploited CodeRabbit: from a simple PR to RCE and wri... 2025-08-19 18:40:49 +00:00
SirBroccoli
855ef5fd9e Merge pull request #197 from HackTricks-wiki/update_Terraform_Cloud_token_abuse_turns_speculative_plan_20250815_124146 
Terraform Cloud token abuse turns speculative plan into remo...
 2025-08-19 17:22:17 +02:00
SirBroccoli
3ff0c8a86f Update terraform-security.md 2025-08-19 17:22:04 +02:00
carlospolop
414eeda035 Merge branch 'master' of github.com:HackTricks-wiki/hacktricks-cloud 2025-08-18 16:51:47 +02:00
carlospolop
dac7b0f906 fix? 2025-08-18 16:51:43 +02:00
SirBroccoli
3b456ebc2e Merge pull request #195 from HackTricks-wiki/update_How_to_transfer_files_in_AWS_using_SSM_20250806_013457 
How to transfer files in AWS using SSM
 2025-08-18 16:48:47 +02:00
SirBroccoli
f0df70528a Update README.md 2025-08-18 16:48:30 +02:00
SirBroccoli
f705477774 Merge pull request #193 from hasshido/master 
grte-mightocho
 2025-08-18 16:37:29 +02:00
carlospolop
aff8ab0252 Merge branch 'master' of github.com:HackTricks-wiki/hacktricks-cloud 2025-08-18 16:36:42 +02:00
carlospolop
06b577d42f f 2025-08-18 16:36:38 +02:00
SirBroccoli
14e986b2a7 Merge pull request #196 from lambdasawa/master 
grte-lambdasawa
 2025-08-18 16:06:12 +02:00
HackTricks News Bot
c76cc24a59 Add content from: Terraform Cloud token abuse turns speculative plan into remo... 2025-08-15 12:46:29 +00:00
Tsubasa Irisawa
15bde67918 Add GCP Cloud Tasks privesc page 2025-08-14 23:47:19 +09:00
HackTricks News Bot
3f16d3c5f3 Add content from: How to transfer files in AWS using SSM 2025-08-06 01:38:30 +00:00
afaq
82a44ea4c0 Updated Cognito Identity CLI Command Format 
Replaced outdated key=value syntax with JSON-based in "--logins" format, keeping the old format for preserved legacy.
 2025-08-04 23:56:55 +05:00
hasshido
839f139795 Merge branch 'HackTricks-wiki:master' into master 2025-08-04 12:41:01 +02:00
carlospolop
b82a88252c f 2025-08-04 11:37:34 +02:00
carlospolop
c3cfb95b87 f 2025-08-04 11:29:20 +02:00
carlospolop
e0b92e3b7a f 2025-08-01 12:04:42 +02:00
SirBroccoli
f521c0d95a Merge pull request #192 from HackTricks-wiki/update_AnsibleHound___BloodHound_Collector_for_Ansible_Wo_20250801_015104 
AnsibleHound – BloodHound Collector for Ansible WorX and Tow...
 2025-08-01 11:55:14 +02:00
SirBroccoli
96b0de9ec9 Update kubernetes-basics.md 2025-08-01 11:53:55 +02:00
SirBroccoli
6b96bae348 Update README.md 2025-08-01 11:53:20 +02:00
SirBroccoli
5fd9ed5048 Update gcp-add-custom-ssh-metadata.md 2025-08-01 11:52:52 +02:00
SirBroccoli
3157069bde Update az-static-web-apps.md 2025-08-01 11:51:49 +02:00
SirBroccoli
ccd50a451d Update eventbridgescheduler-enum.md 2025-08-01 11:50:45 +02:00
SirBroccoli
0a1f3dea22 Update aws-ecr-enum.md 2025-08-01 11:50:28 +02:00
SirBroccoli
e1bc13c19c Update aws-waf-enum.md 2025-08-01 11:49:21 +02:00
SirBroccoli
58c7ae8399 Update aws-trusted-advisor-enum.md 2025-08-01 11:49:00 +02:00
SirBroccoli
0ba0d247a8 Update aws-inspector-enum.md 2025-08-01 11:48:43 +02:00
SirBroccoli
6f8738f34f Update aws-sagemaker-persistence.md 2025-08-01 11:47:18 +02:00
HackTricks News Bot
ed2ae1e58f Add content from: AnsibleHound – BloodHound Collector for Ansible WorX and Tow... 2025-08-01 01:52:00 +00:00
Tsubasa Irisawa
dbe2969386 Add AWS AppRunner privesc page 2025-08-01 10:09:11 +09:00
hasshido
95f380db6b Update gcp-cloudbuild-privesc.md removing cloudbuild.builds.update 
### `cloudbuild.builds.update`

Currently this permission is listed to **only** be able to be used to use the api method `builds.cancel()` which cannot be abused to change the parameters of an ongoing build

References:
- https://cloud.google.com/build/docs/iam-roles-permissions#permissions
- https://cloud.google.com/build/docs/api/reference/rest/v1/projects.builds/cancel
 2025-07-30 21:13:32 +02:00
hasshido
65da889db0 Update cloudbuild.builds.create exploitation method 
Includes direct gcloud command descriptioon to exploit this permission.
 2025-07-30 21:00:52 +02:00
carlospolop
45a7b74a0f f 2025-07-30 12:39:44 +02:00