Redacting secrets to fix GH Pages CI/CD + Fix links

2024-03-22 14:29:14 +01:00 · 2024-03-22 14:29:14 +01:00 · 16adcd22c1
parent 581fdf4f18
commit 16adcd22c1
5 changed files with 8 additions and 8 deletions
--- a/docs/cloud/aws/AWS
+++ b/docs/cloud/aws/AWS
@ -22,7 +22,7 @@ arn:aws:iam:100:user/admin
 ## IAM
 *  It's assumed that we have gain access to the AWS Credentials
-*  We can see if we have permissions using [Amazon's policy simulator](**[https://policysim.aws.amazon.com/](https://policysim.aws.amazon.com/)**)
+*  We can see if we have permissions using [Amazon's policy simulator](https://policysim.aws.amazon.com/)
 *  Always look for policies and roles with the * symbol.
 *  See which user do not have MFA enabled
 *  User enumeration in IAM Panel and group enumeration
--- a/docs/cloud/aws/aws-metadata.md
+++ b/docs/cloud/aws/aws-metadata.md
@ -37,8 +37,8 @@ Example : https://awesomeapp.com/forward?target=http://169.254.169.254/latest/me
    "Code" : "Success",
    "LastUpdated" : "2019-07-31T23:08:10Z",
    "Type" : "AWS-HMAC",
-    "AccessKeyId" : "ASIA54BL6PJR37YOEP67",
+    "AccessKeyId" : "ASIAREDACTEDXXXXXXXX",
-    "SecretAccessKey" : "OiAjgcjm1oi2xxxxxxxxOEXkhOMhCOtJMP2",
+    "SecretAccessKey" : "XXXXXXXXXXXXXXXXXXXXXX",
    "Token" : "AgoJb3JpZ2luX2VjEDU86Rcfd/34E4rtgk8iKuTqwrRfOppiMnv",
    "Expiration" : "2019-08-01T05:20:30Z"
    }
@ -59,9 +59,9 @@ Example : https://awesomeapp.com/forward?target=http://169.254.169.254/latest/me
    ```powershell
    {
        "RoleArn": "arn:aws:iam::953574914659:role/awesome-waf-role",
-        "AccessKeyId": "ASIA54BL6PJR2L75XHVS",
+        "AccessKeyId": "ASIAXXXXXXXXXX",
        "SecretAccessKey": "j72eTy+WHgIbO6zpe2DnfjEhbObuTBKcemfrIygt",
-        "Token": "FQoGZXIvYXdzEMj//////////wEaDEQW+wwBtaoyqH5lNSLGBF3PnwnLYa3ggfKBtLMoWCEyYklw6YX85koqNwKMYrP6ymcjv4X2gF5enPi9/Dx6m/1TTFIwMzZ3tf4V3rWP3HDt1ea6oygzTrWLvfdp57sKj+2ccXI+WWPDZh3eJr4Wt4JkiiXrWANn7Bx3BUj9ZM11RXrKRCvhrxdrMLoewRkWmErNEOFgbaCaT8WeOkzqli4f+Q36ZerT2V+FJ4SWDX1CBsimnDAMAdTIRSLFxVBBwW8171OHiBOYAMK2np1xAW1d3UCcZcGKKZTjBee2zs5+Rf5Nfkoq+j7GQkmD2PwCeAf0RFETB5EVePNtlBWpzfOOVBtsTUTFewFfx5cyNsitD3C2N93WR59LX/rNxyncHGDUP/6UPlasOcfzAaG738OJQmWfQTR0qksHIc2qiPtkstnNndh76is+r+Jc4q3wOWu2U2UBi44Hj+OS2UTpMAwc/MshIiGsUOrBQdPqcLLdAxKpUNTdSQNLg5wv4f2OrOI8/sneV58yBRolBz8DZoH8wohtLXpueDt8jsVSVLznnMOOe/4ehHE2Nt+Fy+tjaY5FUi/Ijdd5IrIdIvWFHY1XcPopUFYrDqr0yuZvX1YddfIcfdbmxf274v69FuuywXTo7cXk1QTMYZWlD/dPI/k6KQeO446UrHT9BJxcJMpchAIVRpI7nVKkSDwku1joKUG7DOeycuAbhecVZG825TocL0ks2yXPnIdvckAaU9DZf+afIV3Nxv3TI4sSX1npBhb2f/8C31pv8VHyu2NiN5V6OOHzZijHsYXsBQ==",
+        "Token": "FQoGZXIvYXdzEMj/////...jHsYXsBQ==",
        "Expiration": "2019-09-18T04:05:59Z"
    }
    ```
--- a/docs/cloud/azure/azure-access-and-token.md
+++ b/docs/cloud/azure/azure-access-and-token.md
@ -322,7 +322,7 @@ MimiKatz (version 2.2.0 and above) can be used to attack (hybrid) Azure AD joine
 * Request a nonce from AAD: `roadrecon auth --prt-init -t <tenant-id>`
 * Use [dirkjanm/ROADtoken](https://github.com/dirkjanm/ROADtoken) or [wotwot563/aad_prt_bof](https://github.com/wotwot563/aad_prt_bof) to initiate a new PRT request.
 * `roadrecon auth --prt-cookie <prt-cookie> --tokens-stdout --debug` or  `roadtx gettoken --prt-cookie <x-ms-refreshtokencredential>`
-* Then browse to [login.microsoftonline.com ](login.microsoftonline.com ) with a cookie `x-ms-RefreshTokenCredential:<output-from-roadrecon>`
+* Then browse to [login.microsoftonline.com](login.microsoftonline.com) with a cookie `x-ms-RefreshTokenCredential:<output-from-roadrecon>`
    ```powershell
    Name: x-ms-RefreshTokenCredential
    Value: <Signed JWT>
--- a/docs/methodology/bug-hunting-methodology.md
+++ b/docs/methodology/bug-hunting-methodology.md
@ -78,7 +78,7 @@
 * Locate `robots.txt`, `security.txt`, `sitemap.xml` files
 * Retrieve comments in source code
-* Discover URL: [tomnomnom/waybackurls](github.com/tomnomnom/waybackurls)
+* Discover URL: [tomnomnom/waybackurls](https://github.com/tomnomnom/waybackurls)
 * Search for `hidden` parameters: [PortSwigger/param-miner](https://github.com/PortSwigger/param-miner)
 * List all the subdirectories and files with `gobuster` or `ffuf`
--- a/docs/redteam/escalation/windows-privilege-escalation.md
+++ b/docs/redteam/escalation/windows-privilege-escalation.md
@ -833,7 +833,7 @@ List of exploits kernel : [https://github.com/SecWiki/windows-kernel-exploits](h
 - [MS16-016](https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-016) 　[KB3136041]　　[WebDAV]　　(2008/Vista/7)
 - [MS16-014](https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS16-014) 　[K3134228]　　[remote code execution]　　(2008/Vista/7)    
 ...
- [MS03-026](./MS03-026) 　[KB823980]　　 [Buffer Overrun In RPC Interface]　　(/NT/2000/XP/2003)  
+- [MS03-026](https://www.exploit-db.com/exploits/66) 　[KB823980]　　 [Buffer Overrun In RPC Interface]　　(/NT/2000/XP/2003)  
 To cross compile a program from Kali, use the following command.