added Azure and GCP pentesting

Author: hdks-bug

src/exploit/cloud/_data.yml

@@ -0,0 +1,4 @@
+category1: cloud
+related_menus:
+  - title: Others
+    id: others

src/exploit/web/cloud/aws-pentesting.md renamed to src/exploit/cloud/aws-pentesting.md

@@ -2,10 +2,9 @@
 title: AWS (Amazon Web Services) Pentesting
 description: AWS (Amazon Web Services) provide on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. 
 tags:
-    - AWS
-    - Web
+    - Cloud
 refs:
-date: 2022-11-22
+date: 2024-12-18
 draft: false
 ---
 
@@ -23,28 +22,62 @@ arn:aws:<service>:<region>:<account_id>:<resource_type>/<resource_name>
 ```sh
 # Add credentials
 # This will add entries to .aws/config or .aws/credentials in user's home directory.
-# <profile-name> is arbitrary.
+# <profile-name> is arbitrary name.
 aws configure --profile <profile-name>
-
 # List credentials
 aws configure list --profile <profile-name>
 
+# List user policies
+aws iam list-user-policies --user-name <username>
+# Get a specified user policy
+aws iam get-user-policy --user-name <username> --policy-name <policy>
 
 # Find the account id belonging to an access key (access key starts with "AKIA")
 aws sts get-access-key-info --access-key-id AKIAQ31B...
-
 # Determin the username the access key you're using belogns to
 aws sts get-caller-identity --profile <profile-name>
 
 # List all EC2 instances running in an account
 aws ec2 describe-instances --output text --profile <profile-name>
-
 # List all EC2 instances running in an account in a dirrerent region
 aws ec2 describe-instances --output text --region us-east-1 --profile <profile-name>
 ```
 
 <br />
 
+## Assume Role
+
+Using "Assume Role" we can temporarily take on permissions associated with another role to access resources or perform tasks in a controlled and secure manner. Attackers may abuse this feature to escalate privileges.
+
+### 1. Get Credentials and Session Token
+
+At first, get the value of `SessionToken` with the `assume-role` command:
+
+```bash
+aws sts assume-role --role-arn <arn> --role-session-name <session>
+```
+
+### 2. Configure Credentials and Session Token
+
+Now we can set the values obtained above to our configuration.
+
+```bash
+aws configure
+# AWS Access Key ID: "<AccessKeyId>"
+# AWS Secret Access Key: "<SecretAccessKey>"
+aws configure set aws_session_token <SessionToken>
+```
+
+### 3. Verify Role
+
+To check if we’ve configured properly, run `get-caller-identity`:
+
+```bash
+aws sts get-caller-identity
+```
+
+<br />
+
 ## Amazon S3
 
 A public cloud storage resource available in Amazon Web Services (AWS) Simple Storage Service (S3), an object storage offering.

src/exploit/cloud/azure-pentesting.md

@@ -0,0 +1,54 @@
+---
+title: Azure Pentesting
+description:
+tags:
+    - Cloud
+refs:
+    - https://pwnedlabs.io/labs/azure-blob-container-to-initial-access
+date: 2024-12-18
+draft: false
+---
+
+## Install Azure CLI
+
+To pentesting Azure, we need to install Azure CLI on our machine. See https://learn.microsoft.com/en-us/cli/azure/install-azure-cli for details.
+
+Additionally, the `Az` PowerShell module is useful.
+
+```bash
+Import-Module -Name Az
+```
+
+<br />
+
+## Azure Blob Storage
+
+Azure Blob Storage stores static files in the URL: `https://<account>.blob.core.windows.net/`.  
+We can enumerate the target storage by accessing the following URLs in browser:
+
+```bash
+# Enumerate detailed information for the storage
+https://<account>.blob.core.windows.net/<container>?restype=container&comp=list
+
+# Enumerate directories
+https://<account>.blob.core.windows.net/<container>?restype=container&comp=list&delimiter=%2F
+
+# Enumerate version information
+https://<account>.blob.core.windows.net/<container>?restype=container&comp=list&include=versions
+# Specify version
+https://<account>.blob.core.windows.net/<container>/example.txt?versionid=2021-09-20T12:34:56.789Z
+```
+
+<br />
+
+## Active Directory
+
+Resources: [Microsoft Docs](https://learn.microsoft.com/en-us/powershell/module/az.resources/get-azaduser?view=azps-13.0.0)
+
+```bash
+# Get signin user
+Get-AzADUser -SignedIn
+
+# List users
+Get-AzADUser -First 10 -Select 'City' -AppendSelected
+```

src/exploit/cloud/gcp-pentesting.md

@@ -0,0 +1,40 @@
+---
+title: GCP (Google Cloud Platform) Pentesting
+description:
+tags:
+    - Cloud
+refs:
+    - https://pwnedlabs.io/labs/reveal-hidden-files-in-google-storage
+date: 2024-12-18
+draft: false
+---
+
+## Install Google Cloud CLI
+
+Before pentesting GCP, we need to install a dedicated CLI tool. See [the installation guide](https://cloud.google.com/sdk/docs/install) for details.  
+After installed, login with your Google credential:
+
+```bash
+gcloud auth login
+```
+
+<br />
+
+## Google Storage
+
+Google Storage allows users to store static files in the URL: `https://storage.googleapis.com/<bucket-name>/`.  
+We can enumerate the target storage as below:
+
+```bash
+# Enumerate accessible directories/files from outside.
+fuzz -u https://storage.googleapis.com/<bucket-name>/FUZZ -w wordlist.txt -fc 403
+
+# Display directories/files
+gsutil ls gs://<bucket-name>/example/
+
+# Download a file
+gsutil cp gs://<bucket-name>/example.txt
+
+# Get information for the bucket
+gsutil stat gs://<bucket-name>/index.html
+```

src/exploit/linux/archive/crack-7z-password.md

@@ -1,25 +1,37 @@
 ---
 title: Crack 7z Password
-description: 
+description: If a 7z file is protected with password, we can crack the password.
 tags: 
     - Archive
 refs:
-date: 2023-11-28
+date: 2024-12-18
 draft: false
 ---
 
 ## Crack
 
-```bash
+### 1. Convert to Hash
+
+First we need to convert the `.7z` file to hash.
+
+```sh
 7z2john example.7z > hash.txt
 # or
 /usr/share/john/7z2john.pl example.7z > hash.txt
-
-john --wordlist=wordlist.txt hash.txt
 ```
 
 If we got the error “`Can't locate Compress/Raw/Lzma.pm in @INC`...”, we need to install `libcompress-raw-lzma-perl` package so try:
 
 ```bash
 sudo apt install libcompress-raw-lzma-perl
 ```
+
+### 2. Crack the Hash
+
+Now we can crack the hash with one of the commands below:
+
+```sh
+john --wordlist=wordlist.txt hash.txt
+# or
+hashcat -m 11600 hash.txt wordlist.txt
+```

src/exploit/network/wifi/wifi-hacking.md

@@ -4,75 +4,61 @@ description:
 tags:
     - Network
 refs:
-date: 2024-06-19
+date: 2024-12-18
 draft: false
 ---
 
-## Investigation
-
-### Online Tools
-
-- **[WiGLE](https://wigle.net/)**
-
-    Wireless Network Mapping. If you have the BSSID, you can get the location.  
-    You need to create an account to use the advanced search.
-
-### Check Status
-
-- **Retrieve the Device IP Address**
-
-    ```sh
-    # IP address
-    ip addr
-    # IP address - Show the specific interface only
-    ip addr show eth0
-    ip addr show eth1
-    ip addr show tun0
-
-    # IPv4 only
-    ip -4 addr
-    # IPv6 only
-    ip -6 addr
-
-    # Static route
-    ip route
-    ```
-
-- **Delete Network Interfaces From Your Devices**
-
-    ```sh  
-    ip link delete docker0
-    ```
+## Enumeration
+
+```sh
+# IP addresses
+ip addr
+# specific interface
+ip addr show eth0
+ip addr show eth1
+ip addr show tun0
+# IPv4/6 only
+ip -4 addr
+ip -6 addr
+# Static route
+ip route
+
+# Get the currently connected WiFi router's IP address (see the 'Default gateway' line in the output)
+ipconfig
+
+# Find any wireless devices
+iw dev
+# Display information of the specified device
+iw dev <interface> info
+# Scan wifi networks nearby the specified device
+iw dev <interface> scan
+
+# Find another computer's IP address/MAC address on the network
+arp -av
+
+# Get public IP address
+curl https://api.ipify.org
+```
 
-- **Find Current WiFi IP Address**
-    
-    We can get the ip adress of the WiFi that we’re currently connecting by checking a default gateway in results of `ipconfig` command. 
-    
-    ```bash
-    ipconfig
+### Using WiGLE
 
-    # Outputs
-    
-    ...
-    
-    Default gateway . . . . . : 192.168.1.1
-    ```
+If BSSIDs found, we can find the location for devices using [WiGLE](https://wigle.net/).  
 
-- **Find Another Computer's IP Address/MAC Address on Network**
+To find BSSID From SSID using WiGLE:
 
-    ```sh
-    arp -av
-    ```
-
-- **Get Public IP Address**
+1. Access to WiGLE and login.
+2. Go to View → Advanced Search.
+3. Open the General Search tab.
+4. Input the SSID in the SSID/Network Name.
+5. Check the result.
 
-    We can get our public ip address from command line as below.
+<br />
 
-    ```bash
-    curl https://api.ipify.org
-    ```
+## Delete Network Interfaces From Your Devices
 
-    Alternatively, we can get the public ip online like https://www.whatismyip.com/.
+```sh  
+ip link delete <iterface>
+```
 
 <br />
 
@@ -101,16 +87,6 @@ aircrack-ng example.cap -w wordlist.txt
 
 <br />
 
-## Find BSSID From SSID
-
-1. Access to WiGLE and login.
-2. Go to View → Advanced Search.
-3. Open the General Search tab.
-4. Input the SSID in the SSID/Network Name.
-5. Check the result.
-
-<br />
-
 ## MAC Address Spoofing
 
 First of all, you need to use network adapter which has monitor mode on your machine.  
@@ -188,11 +164,11 @@ sudo Freeway -i wlan1 -a deauth
 
 ## Other Useful Tools
 
-- **[Bettercap](https://www.bettercap.org/)**
+- [Bettercap](https://www.bettercap.org/)
 
     The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
 
-- **[OUI Standards](https://standards-oui.ieee.org/oui/oui.txt)**
+- [OUI Standards](https://standards-oui.ieee.org/oui/oui.txt)
 
     List of MAC OUI (Organizationally Unique Identifier). You can get the information from the BSSID.
 

src/exploit/web/_data.yml

@@ -14,8 +14,6 @@ related_menus:
     id: template-engine
   - title: API
     id: api
-  - title: Cloud
-    id: cloud
   - title: Microsoft
     id: microsoft
   - title: Tool