Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-14 17:07:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 386 pages modified

Browse source
This commit is contained in:
CPol 2020-11-12 11:04:11 +00:00 committed by gitbook-bot
parent 28c6cf08dd
commit a6fb03645c
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
3 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
cloud-security-review.md
View file

@ -94,6 +94,10 @@ azscan #Run, login before with `az login`
* **Periodic SQL servers scans**: _Select the SQL server_ --> _Make sure that 'Advanced data security' is set to 'On'_ --> _Under 'Vulnerability assessment settings', set 'Periodic recurring scans' to 'On', and configure a storage account for storing vulnerability assessment scan results_ --> _Click Save_
* **Lack of App Services restrictions**: Look for "App Services" in Azure \([https://portal.azure.com/\#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites)\) and check if anyone is being used. In that case check go through each App checking for "Access Restrictions" and there aren't rules, report it. The access to the app service should be restricted according to the needs.
## Office365
You need **Global Admin Reader**
## AWS
Get objets in graph: [https://github.com/FSecureLABS/awspx](https://github.com/FSecureLABS/awspx)

2
pentesting-web/xss-cross-site-scripting/README.md
View file

@ -480,7 +480,7 @@ A XSS occurs.
If you find that you can **inject headers in a 302 Redirect response** you could try to **make the browser execute arbitrary JavaScript**. This is **not trivial** as modern browsers do not interpret the HTTP response body if the HTTP response status code is a 302, so just a cross-site scripting payload is useless.
In [**this report**](https://www.gremwell.com/firefox-xss-302) you can read how you can test several protocols inside the Location header and see if any of them allows the browser to inspect and execute the XSS payload inside the body.
In [**this report**](https://www.gremwell.com/firefox-xss-302) and [**this one**](https://www.hahwul.com/2020/10/03/forcing-http-redirect-xss/) you can read how you can test several protocols inside the Location header and see if any of them allows the browser to inspect and execute the XSS payload inside the body.
Past known protocols: `mailto://`, `//x:1/`, `ws://`, `wss://`, _empty Location header_, `resource://`.
### Obfuscation & Advanced Bypass

2
pentesting/pentesting-web/buckets/aws-s3.md
View file

@ -261,6 +261,8 @@ If you want to read about how can you exploit meta-data in AWS [you should read
{% embed url="https://github.com/fellchase/flumberboozle" %}
{% embed url="https://github.com/smaranchand/bucky" %}
\*\*\*\*
## **List of Open Buckets**