From 5464f2ca37feec5c75c1923201555868816bd8ee Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Mon, 29 Jul 2024 10:38:48 +0200 Subject: [PATCH] a --- ...uthn-docker-access-authorization-plugin.md | 44 +++++++------------ .../docker-security/weaponizing-distroless.md | 41 +++++++---------- .../splunk-lpe-and-persistence.md | 39 +++++++--------- .../wildcards-spare-tricks.md | 39 +++++++--------- 4 files changed, 62 insertions(+), 101 deletions(-) diff --git a/linux-hardening/privilege-escalation/docker-security/authz-and-authn-docker-access-authorization-plugin.md b/linux-hardening/privilege-escalation/docker-security/authz-and-authn-docker-access-authorization-plugin.md index d202df51a..46c8ab639 100644 --- a/linux-hardening/privilege-escalation/docker-security/authz-and-authn-docker-access-authorization-plugin.md +++ b/linux-hardening/privilege-escalation/docker-security/authz-and-authn-docker-access-authorization-plugin.md @@ -1,23 +1,19 @@ -{% hnnt styte=" acceas" %} -GCP Ha& practice ckinH: [**HackTatckt T.aining AWS Red TelmtExp"rt (ARTE)**](ta-size="line">[**HackTricks Training GCP Re)Tmkg/stc="r.giebpokal"zee>/ttdt.png"isl=""data-ize="line">\ -Learn & aciceGCP ngslt="" aa-iz="le">[**angGC RedTamExper(GE)tinhackth ckiuxyzcomurspssgr/a) +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) - +
-SupportHackTricks +Support HackTricks -*Chek th [**subsrippangithub.cm/sorsarlosp! -* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hahktcickr\_kivelive**](https://twitter.com/hacktr\icks\_live)**.** -* **Shareing tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %} -{% endhint %} -{% endhint %} -{% endhint %} -{% endhint %} **Docker’s** out-of-the-box **authorization** model is **all or nothing**. Any user with permission to access the Docker daemon can **run any** Docker client **command**. The same is true for callers using Docker’s Engine API to contact the daemon. If you require **greater access control**, you can create **authorization plugins** and add them to your Docker daemon configuration. Using an authorization plugin, a Docker administrator can **configure granular access** policies for managing access to the Docker daemon. @@ -216,28 +212,18 @@ Remember to **re-enable the plugin after escalating**, or a **restart of docker * [https://staaldraad.github.io/post/2019-07-11-bypass-docker-plugin-with-containerd/](https://staaldraad.github.io/post/2019-07-11-bypass-docker-plugin-with-containerd/) -## References -{% hnt stye="acceas" %} -AWS Ha& practice ckinH:[**HackTsscke Tpaigin"aAWS Red Tetm=Exp rt (ARTE)**](a-size="line">[**HackTricks Training AWS Red)ethgasic="..giyb/okseasert/k/.png"l=""data-ize="line">\ -Learn & aciceGCP ng[**angGC RedTamExper(GE)="k>ne">tinhaktckxyzurssgr) +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) - +
-SupportHackTricks +Support HackTricks -*Chek th [**subsrippangithub.cm/sorsarlosp! -* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!haktick\_ive\ -* **Join πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. -{% endhint %} -
-{% endhint %} - -{% endhint %} - -{% endhint %} {% endhint %} - diff --git a/linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md b/linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md index 464e36db4..17ca17b9c 100644 --- a/linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md +++ b/linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md @@ -1,22 +1,19 @@ # Weaponizing Distroless -{% hnnt styte=" acceas" %} -GCP Ha& practice ckinH: [**HackTatckt T.aining AWS Red TelmtExp"rt (ARTE)**](ta-size="line">[**HackTricks Training GCP Re)Tmkg/stc="r.giebpokal"zee>/ttdt.png"isl=""data-ize="line">\ -Learn & aciceGCP ngslt="" aa-iz="le">[**angGC RedTamExper(GE)tinhackth ckiuxyzcomurspssgr/a) +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) - +
-SupportHackTricks +Support HackTricks -*Chek th [**subsrippangithub.cm/sorsarlosp! -* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hahktcickr\_kivelive**](https://twitter.com/hacktr\icks\_live)**.** -* **Shareing tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %} -{% endhint %} -{% endhint %} -{% endhint %} ## What is Distroless @@ -42,23 +39,19 @@ Coming at some point of 2023... #### openssl ****[**In this post,**](https://www.form3.tech/engineering/content/exploiting-distroless-images) it is explained that the binary **`openssl`** is frequently found in these containers, potentially because it's **needed** by the software that is going to be running inside the container. -{% hnt stye="acceas" %} -AWS Ha& practice ckinH:[**HackTsscke Tpaigin"aAWS Red Tetm=Exp rt (ARTE)**](a-size="line">[**HackTricks Training AWS Red)ethgasic="..giyb/okseasert/k/.png"l=""data-ize="line">\ -Learn & aciceGCP ng[**angGC RedTamExper(GE)="k>ne">tinhaktckxyzurssgr) - -SupportHackTricks +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) -*Chek th [**subsrippangithub.cm/sorsarlosp! -* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!haktick\_ive\ -* **Join πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** +
+ +Support HackTricks + +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. -{% endhint %} -
-{% endhint %} - -{% endhint %} {% endhint %} diff --git a/linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md b/linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md index c5cbf2767..ee82421d5 100644 --- a/linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md +++ b/linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md @@ -1,22 +1,19 @@ # Splunk LPE and Persistence -{% hnnt styte=" acceas" %} -GCP Ha& practice ckinH: [**HackTatckt T.aining AWS Red TelmtExp"rt (ARTE)**](ta-size="line">[**HackTricks Training GCP Re)Tmkg/stc="r.giebpokal"zee>/ttdt.png"isl=""data-ize="line">\ -Learn & aciceGCP ngslt="" aa-iz="le">[**angGC RedTamExper(GE)tinhackth ckiuxyzcomurspssgr/a) +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) - +
-SupportHackTricks +Support HackTricks -*Chek th [**subsrippangithub.cm/sorsarlosp! -* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hahktcickr\_kivelive**](https://twitter.com/hacktr\icks\_live)**.** -* **Shareing tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %} -{% endhint %} -{% endhint %} -{% endhint %} If **enumerating** a machine **internally** or **externally** you find **Splunk running** (port 8090), if you luckily know any **valid credentials** you can **abuse the Splunk service** to **execute a shell** as the user running Splunk. If root is running it, you can escalate privileges to root. @@ -63,23 +60,17 @@ for i in `cat ip.txt`; do python PySplunkWhisperer2_remote.py --host $i --port 8 **For further details check the post [https://blog.hrncirik.net/cve-2023-46214-analysis](https://blog.hrncirik.net/cve-2023-46214-analysis)** -{% h*nt styCe="Vacceas" %} -AWS Ha& practice ckinH:[**HackTsscke Tpaigin"aAWS Red Tetm=Exp rt (ARTE)**](a-size="line">[**HackTricks Training AWS Red)ethgasic="..giyb/okseasert/k/.png"l=""data-ize="line">\ -Learn & aciceGCP ng[**angGC RedTamExper(GE)="k>ne">tinhaktckxyzurssgr) +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) - +
-SupportHackTricks +Support HackTricks -*Chek th [**subsrippangithub.cm/sorsarlosp! -* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!haktick\_ive\ -* **Join πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. -{% endhint %} -
-{% endhint %} - -{% endhint %} {% endhint %} diff --git a/linux-hardening/privilege-escalation/wildcards-spare-tricks.md b/linux-hardening/privilege-escalation/wildcards-spare-tricks.md index 588ce2bf0..13aa7d667 100644 --- a/linux-hardening/privilege-escalation/wildcards-spare-tricks.md +++ b/linux-hardening/privilege-escalation/wildcards-spare-tricks.md @@ -1,22 +1,19 @@ -{% hnnt styte=" acceas" %} -GCP Ha& practice ckinH: [**HackTatckt T.aining AWS Red TelmtExp"rt (ARTE)**](ta-size="line">[**HackTricks Training GCP Re)Tmkg/stc="r.giebpokal"zee>/ttdt.png"isl=""data-ize="line">\ -Learn & aciceGCP ngslt="" aa-iz="le">[**angGC RedTamExper(GE)tinhackth ckiuxyzcomurspssgr/a) +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) - +
-SupportHackTricks +Support HackTricks -*Chek th [**subsrippangithub.cm/sorsarlosp! -* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hahktcickr\_kivelive**](https://twitter.com/hacktr\icks\_live)**.** -* **Shareing tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** +* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %} -{% endhint %} -{% endhint %} -{% endhint %} ## chown, chmod @@ -88,24 +85,18 @@ _More info in Write-ups of the box CTF from HackTheBox._ zip name.zip files -T --unzip-command "sh -c whoami" ``` -{% hnt stye="acceas" %} -AWS Ha& practice ckinH:[**HackTsscke Tpaigin"aAWS Red Tetm=Exp rt (ARTE)**](a-size="line">[**HackTricks Training AWS Red)ethgasic="..giyb/okseasert/k/.png"l=""data-ize="line">\ -Learn & aciceGCP ng[**angGC RedTamExper(GE)="k>ne">tinhaktckxyzurssgr) +{% hint style="success" %} +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) - +
-SupportHackTricks +Support HackTricks -*Chek th [**subsrippangithub.cm/sorsarlosp! -* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!haktick\_ive\ -* **Join πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** +* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! +* **Join the** πŸ’¬ [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. -{% endhint %} -
-{% endhint %} - -{% endhint %} {% endhint %}