mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-27 07:01:09 +00:00
320 lines
24 KiB
Markdown
320 lines
24 KiB
Markdown
# DOM XSS
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Je, ungependa kuona **kampuni yako ikionekana katika HackTricks**? Au ungependa kupata ufikiaji wa **toleo jipya zaidi la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **nifuatilie** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
|
|
|
|
</details>
|
|
|
|
## Udhaifu wa DOM
|
|
|
|
Udhaifu wa DOM hutokea wakati data kutoka kwenye **vyanzo** vinavyodhibitiwa na mshambuliaji (kama vile `location.search`, `document.referrer`, au `document.cookie`) inahamishwa kwa **sinks** bila usalama. Sinks ni kazi au vitu (kwa mfano, `eval()`, `document.body.innerHTML`) ambavyo vinaweza kutekeleza au kuonyesha maudhui hatari ikiwa inapewa data yenye nia mbaya.
|
|
|
|
- **Vyanzo** ni pembejeo ambazo zinaweza kudhibitiwa na wadukuzi, ikiwa ni pamoja na URL, vidakuzi, na ujumbe wa wavuti.
|
|
- **Sinks** ni hatima hatari ambapo data yenye nia mbaya inaweza kusababisha athari mbaya, kama vile utekelezaji wa script.
|
|
|
|
Hatari inatokea wakati data inatiririka kutoka chanzo hadi sink bila ukaguzi au usafi sahihi, kuruhusu mashambulizi kama XSS.
|
|
|
|
{% hint style="info" %}
|
|
**Unaweza kupata orodha iliyosasishwa zaidi ya vyanzo na sinks katika** [**https://github.com/wisec/domxsswiki/wiki**](https://github.com/wisec/domxsswiki/wiki)
|
|
{% endhint %}
|
|
|
|
**Vyanzo vya kawaida:**
|
|
```javascript
|
|
document.URL
|
|
document.documentURI
|
|
document.URLUnencoded
|
|
document.baseURI
|
|
location
|
|
document.cookie
|
|
document.referrer
|
|
window.name
|
|
history.pushState
|
|
history.replaceState
|
|
localStorage
|
|
sessionStorage
|
|
IndexedDB (mozIndexedDB, webkitIndexedDB, msIndexedDB)
|
|
Database
|
|
```
|
|
**Mifereji Maarufu:**
|
|
|
|
| [**Uelekezaji Wazi**](dom-xss.md#open-redirect) | [**Uingizaji wa Javascript**](dom-xss.md#javascript-injection) | [**Ubadilishaji wa Data wa DOM**](dom-xss.md#dom-data-manipulation) | **jQuery** |
|
|
| -------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | ------------------------------------------------------------- | ---------------------------------------------------------------------- |
|
|
| `location` | `eval()` | `scriptElement.src` | `add()` |
|
|
| `location.host` | `Function() constructor` | `scriptElement.text` | `after()` |
|
|
| `location.hostname` | `setTimeout()` | `scriptElement.textContent` | `append()` |
|
|
| `location.href` | `setInterval()` | `scriptElement.innerText` | `animate()` |
|
|
| `location.pathname` | `setImmediate()` | `someDOMElement.setAttribute()` | `insertAfter()` |
|
|
| `location.search` | `execCommand()` | `someDOMElement.search` | `insertBefore()` |
|
|
| `location.protocol` | `execScript()` | `someDOMElement.text` | `before()` |
|
|
| `location.assign()` | `msSetImmediate()` | `someDOMElement.textContent` | `html()` |
|
|
| `location.replace()` | `range.createContextualFragment()` | `someDOMElement.innerText` | `prepend()` |
|
|
| `open()` | `crypto.generateCRMFRequest()` | `someDOMElement.outerText` | `replaceAll()` |
|
|
| `domElem.srcdoc` | **\`\`**[**Ubadilishaji wa Njia ya Faili ya Ndani**](dom-xss.md#local-file-path-manipulation) | `someDOMElement.value` | `replaceWith()` |
|
|
| `XMLHttpRequest.open()` | `FileReader.readAsArrayBuffer()` | `someDOMElement.name` | `wrap()` |
|
|
| `XMLHttpRequest.send()` | `FileReader.readAsBinaryString()` | `someDOMElement.target` | `wrapInner()` |
|
|
| `jQuery.ajax()` | `FileReader.readAsDataURL()` | `someDOMElement.method` | `wrapAll()` |
|
|
| `$.ajax()` | `FileReader.readAsText()` | `someDOMElement.type` | `has()` |
|
|
| **\`\`**[**Ubadilishaji wa Ombi la Ajax**](dom-xss.md#ajax-request-manipulation) | `FileReader.readAsFile()` | `someDOMElement.backgroundImage` | `constructor()` |
|
|
| `XMLHttpRequest.setRequestHeader()` | `FileReader.root.getFile()` | `someDOMElement.cssText` | `init()` |
|
|
| `XMLHttpRequest.open()` | `FileReader.root.getFile()` | `someDOMElement.codebase` | `index()` |
|
|
| `XMLHttpRequest.send()` | [**Ubadilishaji wa Kiungo**](dom-xss.md#link-manipulation) | `someDOMElement.innerHTML` | `jQuery.parseHTML()` |
|
|
| `jQuery.globalEval()` | `someDOMElement.href` | `someDOMElement.outerHTML` | `$.parseHTML()` |
|
|
| `$.globalEval()` | `someDOMElement.src` | `someDOMElement.insertAdjacentHTML` | [**Uingizaji wa JSON kwenye upande wa Mteja**](dom-xss.md#client-side-sql-injection) |
|
|
| **\`\`**[**Ubadilishaji wa Uhifadhi wa HTML5**](dom-xss.md#html-5-storage-manipulation) | `someDOMElement.action` | `someDOMElement.onevent` | `JSON.parse()` |
|
|
| `sessionStorage.setItem()` | [**Uingizaji wa XPath**](dom-xss.md#xpath-injection) | `document.write()` | `jQuery.parseJSON()` |
|
|
| `localStorage.setItem()` | `document.evaluate()` | `document.writeln()` | `$.parseJSON()` |
|
|
| **``**[**`Kukataa Huduma`**](dom-xss.md#denial-of-service)**``** | `someDOMElement.evaluate()` | `document.title` | **\`\`**[**Ubadilishaji wa Kidakuzi**](dom-xss.md#cookie-manipulation) |
|
|
| `requestFileSystem()` | **\`\`**[**Ubadilishaji wa Kikoa cha Hati**](dom-xss.md#document-domain-manipulation) | `document.implementation.createHTMLDocument()` | `document.cookie` |
|
|
| `RegExp()` | `document.domain` | `history.pushState()` | [**Uharibifu wa URL wa WebSocket**](dom-xss.md#websocket-url-poisoning) |
|
|
| [**Uingizaji wa SQL kwenye upande wa Mteja**](dom-xss.md#client-side-sql-injection) | [**Ubadilishaji wa Ujumbe wa Wavuti**](dom-xss.md#web-message-manipulation) | `history.replaceState()` | `WebSocket` |
|
|
| `executeSql()` | `postMessage()` | \`\` | \`\` |
|
|
|
|
Mfereji wa **`innerHTML`** haupokei vipengele vya `script` kwenye kivinjari chochote cha kisasa, wala haifanyi matukio ya `svg onload`. Hii inamaanisha kuwa utahitaji kutumia vipengele mbadala kama `img` au `iframe`.
|
|
|
|
Aina hii ya XSS inawezekana kuwa **ngumu zaidi kupata**, kwani unahitaji kutazama ndani ya msimbo wa JS, kuona ikiwa **inatumia** kitu chochote ambacho **thamani yake unadhibiti**, na katika kesi hiyo, kuona ikiwa kuna **njia yoyote ya kuitumia** kutekeleza JS ya kiholela.
|
|
|
|
## Zana za kuzipata
|
|
|
|
* [https://github.com/mozilla/eslint-plugin-no-unsanitized](https://github.com/mozilla/eslint-plugin-no-unsanitized)
|
|
|
|
Mifano
|
|
|
|
### Uelekezaji Wazi
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/open-redirection](https://portswigger.net/web-security/dom-based/open-redirection)
|
|
|
|
**Udhaifu wa uelekezaji wazi katika DOM** hutokea wakati skripti inaandika data, ambayo mshambuliaji anaweza kuidhibiti, katika mfereji ambao unaweza kuanzisha uelekezaji kati ya vikoa.
|
|
|
|
Ni muhimu kuelewa kuwa kutekeleza msimbo wa kiholela, kama vile **`javascript:alert(1)`**, inawezekana ikiwa una udhibiti juu ya mwanzo wa URL ambapo uelekezaji unatokea.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
location
|
|
location.host
|
|
location.hostname
|
|
location.href
|
|
location.pathname
|
|
location.search
|
|
location.protocol
|
|
location.assign()
|
|
location.replace()
|
|
open()
|
|
domElem.srcdoc
|
|
XMLHttpRequest.open()
|
|
XMLHttpRequest.send()
|
|
jQuery.ajax()
|
|
$.ajax()
|
|
```
|
|
### Ubadilishaji wa Cookie
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/cookie-manipulation](https://portswigger.net/web-security/dom-based/cookie-manipulation)
|
|
|
|
Udhaifu wa udhibiti wa cookie unaotegemea DOM hutokea wakati script inajumuisha data, ambayo inaweza kudhibitiwa na mshambuliaji, katika thamani ya cookie. Udhaifu huu unaweza kusababisha tabia isiyotarajiwa ya ukurasa ikiwa cookie inatumika ndani ya tovuti. Zaidi ya hayo, inaweza kutumiwa kutekeleza shambulio la kufikia kikao ikiwa cookie inahusishwa na kufuatilia vikao vya watumiaji. Sink kuu inayohusiana na udhaifu huu ni:
|
|
|
|
Sink:
|
|
```javascript
|
|
document.cookie
|
|
```
|
|
### Uingizaji wa JavaScript
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/javascript-injection](https://portswigger.net/web-security/dom-based/javascript-injection)
|
|
|
|
Mazingira ya uingizaji wa JavaScript yanayotegemea DOM hutokea wakati script inatekeleza data, ambayo inaweza kudhibitiwa na mshambuliaji, kama nambari ya JavaScript.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
eval()
|
|
Function() constructor
|
|
setTimeout()
|
|
setInterval()
|
|
setImmediate()
|
|
execCommand()
|
|
execScript()
|
|
msSetImmediate()
|
|
range.createContextualFragment()
|
|
crypto.generateCRMFRequest()
|
|
```
|
|
### Kubadilisha kikoa cha hati
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/document-domain-manipulation](https://portswigger.net/web-security/dom-based/document-domain-manipulation)
|
|
|
|
**Mambo yanayoweza kusababisha kushughulikia kikoa cha hati** hutokea wakati script inaweka mali ya `document.domain` kwa kutumia data ambayo mshambuliaji anaweza kudhibiti.
|
|
|
|
Mali ya `document.domain` inacheza **jukumu muhimu** katika **utekelezaji** wa **sera ya asili sawa** na vivinjari. Wakati kurasa mbili kutoka asili tofauti zinaweka `document.domain` yao kwa **thamani sawa**, zinaweza kuingiliana bila vizuizi. Ingawa vivinjari hawaruhusu thamani zote zinazoweza kuwekwa kwa `document.domain`, kuzuia kuweka thamani zisizohusiana kabisa na asili halisi ya ukurasa, kuna ubaguzi. Kwa kawaida, vivinjari huruhusu matumizi ya **vikoa vya watoto** au **vikoa vya wazazi**.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
document.domain
|
|
```
|
|
### Kuharibu URL ya WebSocket
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/websocket-url-poisoning](https://portswigger.net/web-security/dom-based/websocket-url-poisoning)
|
|
|
|
**Kuharibu URL ya WebSocket** hutokea wakati script inatumia **data inayoweza kudhibitiwa kama URL ya lengo** kwa uhusiano wa WebSocket.
|
|
|
|
Mifereji:
|
|
|
|
Mjenzi wa `WebSocket` inaweza kusababisha udhaifu wa kuharibu URL ya WebSocket.
|
|
|
|
### Ubadilishaji wa Viungo
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/link-manipulation](https://portswigger.net/web-security/dom-based/link-manipulation)
|
|
|
|
**Udhaifu wa ubadilishaji wa viungo kulingana na DOM** hutokea wakati script inaandika **data inayoweza kudhibitiwa na mshambuliaji kwenye lengo la urambazaji** ndani ya ukurasa wa sasa, kama kiungo kinachoweza bonyezwa au URL ya kuwasilisha fomu.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
someDOMElement.href
|
|
someDOMElement.src
|
|
someDOMElement.action
|
|
```
|
|
### Ubadilishaji wa Ombi la Ajax
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/ajax-request-header-manipulation](https://portswigger.net/web-security/dom-based/ajax-request-header-manipulation)
|
|
|
|
**Udhaifu wa ubadilishaji wa ombi la Ajax** unatokea wakati script inaandika **data inayoweza kudhibitiwa na mshambuliaji katika ombi la Ajax** ambalo linatolewa kwa kutumia kitu cha `XmlHttpRequest`.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
XMLHttpRequest.setRequestHeader()
|
|
XMLHttpRequest.open()
|
|
XMLHttpRequest.send()
|
|
jQuery.globalEval()
|
|
$.globalEval()
|
|
```
|
|
### Ubadilishaji wa njia ya faili ya ndani
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/local-file-path-manipulation](https://portswigger.net/web-security/dom-based/local-file-path-manipulation)
|
|
|
|
**Udhaifu wa ubadilishaji wa njia ya faili ya ndani** unatokea wakati script inapitisha **data inayoweza kudhibitiwa na mshambuliaji kwa API ya kushughulikia faili** kama parameter ya `filename`. Udhaifu huu unaweza kutumiwa na mshambuliaji kuunda URL ambayo, ikiwa inatembelewa na mtumiaji mwingine, inaweza kusababisha **kivinjari cha mtumiaji kufungua au kuandika faili ya ndani isiyo na kikomo**.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
FileReader.readAsArrayBuffer()
|
|
FileReader.readAsBinaryString()
|
|
FileReader.readAsDataURL()
|
|
FileReader.readAsText()
|
|
FileReader.readAsFile()
|
|
FileReader.root.getFile()
|
|
FileReader.root.getFile()
|
|
```
|
|
### Uingizaji wa SQL Upande wa Mteja
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/client-side-sql-injection](https://portswigger.net/web-security/dom-based/client-side-sql-injection)
|
|
|
|
**Udhaifu wa uingizaji wa SQL upande wa mteja** hutokea wakati script inajumuisha **data inayoweza kudhibitiwa na mshambuliaji katika swali la SQL upande wa mteja kwa njia isiyokuwa salama**.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
executeSql()
|
|
```
|
|
### Kubadilisha HTML5-storage
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/html5-storage-manipulation](https://portswigger.net/web-security/dom-based/html5-storage-manipulation)
|
|
|
|
**Makosa ya kubadilisha HTML5-storage** yanatokea wakati script **inahifadhi data inayoweza kudhibitiwa na mshambuliaji katika kuhifadhi ya HTML5 ya kivinjari cha wavuti** (`localStorage` au `sessionStorage`). Ingawa hatua hii haileti hatari ya usalama kwa asili, inakuwa tatizo ikiwa programu inasoma data iliyohifadhiwa na kuitumia bila usalama. Hii inaweza kuruhusu mshambuliaji kutumia mfumo wa kuhifadhi kufanya mashambulizi mengine yanayohusiana na DOM, kama vile udukuzi wa tovuti na uingizaji wa JavaScript.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
sessionStorage.setItem()
|
|
localStorage.setItem()
|
|
```
|
|
### Uingizaji wa XPath
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/client-side-xpath-injection](https://portswigger.net/web-security/dom-based/client-side-xpath-injection)
|
|
|
|
**Mazingira ya XPath-injection ya DOM-based** hutokea wakati script inajumuisha **data inayoweza kudhibitiwa na mshambuliaji katika ombi la XPath**.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
document.evaluate()
|
|
someDOMElement.evaluate()
|
|
```
|
|
### Uingizaji wa JSON upande wa Mteja
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/client-side-json-injection](https://portswigger.net/web-security/dom-based/client-side-json-injection)
|
|
|
|
**Mazingira hatarishi ya uingizaji wa JSON upande wa DOM** hutokea wakati script inajumuisha **data inayoweza kudhibitiwa na mshambuliaji katika string ambayo inachambuliwa kama muundo wa data wa JSON na kisha kusindika na programu**.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
JSON.parse()
|
|
jQuery.parseJSON()
|
|
$.parseJSON()
|
|
```
|
|
### Ubadilishaji wa Ujumbe wa Wavuti
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/web-message-manipulation](https://portswigger.net/web-security/dom-based/web-message-manipulation)
|
|
|
|
**Mambo hatarishi ya ujumbe wa wavuti** yanatokea wakati script inatuma **data inayoweza kudhibitiwa na mshambuliaji kama ujumbe wa wavuti kwenda hati nyingine** ndani ya kivinjari. **Mfano** wa udhaifu wa ubadilishaji wa ujumbe wa wavuti unaweza kupatikana kwenye [PortSwigger's Web Security Academy](https://portswigger.net/web-security/dom-based/controlling-the-web-message-source).
|
|
|
|
Mifereji:
|
|
|
|
Mbinu ya `postMessage()` ya kutuma ujumbe wa wavuti inaweza kusababisha udhaifu ikiwa msikilizaji wa tukio la kupokea ujumbe unashughulikia data inayopokelewa kwa njia isiyokuwa salama.
|
|
|
|
### Ubadilishaji wa Data ya DOM
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/dom-data-manipulation](https://portswigger.net/web-security/dom-based/dom-data-manipulation)
|
|
|
|
**Mambo hatarishi ya ubadilishaji wa data ya DOM** yanatokea wakati script inaandika **data inayoweza kudhibitiwa na mshambuliaji kwenye uga ndani ya DOM** ambao hutumiwa katika UI inayoonekana au mantiki ya upande wa mteja. Udhaifu huu unaweza kutumiwa na mshambuliaji kuunda URL ambayo, ikiwa inatembelewa na mtumiaji mwingine, inaweza kubadilisha muonekano au tabia ya UI ya upande wa mteja.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
scriptElement.src
|
|
scriptElement.text
|
|
scriptElement.textContent
|
|
scriptElement.innerText
|
|
someDOMElement.setAttribute()
|
|
someDOMElement.search
|
|
someDOMElement.text
|
|
someDOMElement.textContent
|
|
someDOMElement.innerText
|
|
someDOMElement.outerText
|
|
someDOMElement.value
|
|
someDOMElement.name
|
|
someDOMElement.target
|
|
someDOMElement.method
|
|
someDOMElement.type
|
|
someDOMElement.backgroundImage
|
|
someDOMElement.cssText
|
|
someDOMElement.codebase
|
|
document.title
|
|
document.implementation.createHTMLDocument()
|
|
history.pushState()
|
|
history.replaceState()
|
|
```
|
|
### Kukataa Huduma
|
|
|
|
Kutoka: [https://portswigger.net/web-security/dom-based/denial-of-service](https://portswigger.net/web-security/dom-based/denial-of-service)
|
|
|
|
**Makosa ya kukataa huduma yanayotokana na DOM** hutokea wakati script inapitisha **data inayoweza kudhibitiwa na mshambuliaji kwa njia isiyokuwa salama kwa API ya jukwaa lenye shida**. Hii ni pamoja na API ambazo, zinapoitwa, zinaweza kusababisha kompyuta ya mtumiaji kutumia **kiwango kikubwa cha CPU au nafasi ya diski**. Makosa kama haya yanaweza kuwa na athari kubwa, kama vile kivinjari kuzuia utendaji wa tovuti kwa kukataa jaribio la kuhifadhi data katika `localStorage` au kusitisha script zinazofanya kazi.
|
|
|
|
Mifereji:
|
|
```javascript
|
|
requestFileSystem()
|
|
RegExp()
|
|
```
|
|
## Dom Clobbering
|
|
|
|
{% content-ref url="dom-clobbering.md" %}
|
|
[dom-clobbering.md](dom-clobbering.md)
|
|
{% endcontent-ref %}
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Je, ungependa kuona **kampuni yako ikionekana katika HackTricks**? Au ungependa kupata ufikiaji wa **toleo jipya zaidi la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Gundua [**The PEASS Family**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **nifuate** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
|
|
|
|
</details>
|