Merge pull request #139 from JaimePolop/master

CosmosDB, Postgres and MySQL

Author: carlospolop

src/SUMMARY.md

@@ -3,8 +3,8 @@
 # 👽 Welcome!
 
 - [HackTricks Cloud](README.md)
-- [About the Author$$external:https://book.hacktricks.xyz/welcome/about-the-author$$]()
-- [HackTricks Values & faq$$external:https://book.hacktricks.xyz/welcome/hacktricks-values-and-faq$$]()
+- [About the Author$$external:https://book.hacktricks.wiki/en/welcome/about-the-author.html$$]()
+- [HackTricks Values & faq$$external:https://book.hacktricks.wiki/en/welcome/hacktricks-values-and-faq.html$$]()
 
 # 🏭 Pentesting CI/CD
 
@@ -408,12 +408,15 @@
     - [Az - ARM Templates / Deployments](pentesting-cloud/azure-security/az-services/az-arm-templates.md)
     - [Az - Automation Accounts](pentesting-cloud/azure-security/az-services/az-automation-accounts.md)
     - [Az - Azure App Services](pentesting-cloud/azure-security/az-services/az-app-services.md)
+    - [Az - CosmosDB](pentesting-cloud/azure-security/az-services/az-cosmosDB.md)
     - [Az - Intune](pentesting-cloud/azure-security/az-services/intune.md)
     - [Az - File Shares](pentesting-cloud/azure-security/az-services/az-file-shares.md)
     - [Az - Function Apps](pentesting-cloud/azure-security/az-services/az-function-apps.md)
     - [Az - Key Vault](pentesting-cloud/azure-security/az-services/az-keyvault.md)
     - [Az - Logic Apps](pentesting-cloud/azure-security/az-services/az-logic-apps.md)
     - [Az - Management Groups, Subscriptions & Resource Groups](pentesting-cloud/azure-security/az-services/az-management-groups-subscriptions-and-resource-groups.md)
+    - [Az - MySQL](pentesting-cloud/azure-security/az-services/az-mysql.md)
+    - [Az - PostgreSQL](pentesting-cloud/azure-security/az-services/az-postgresql.md)
     - [Az - Queue Storage](pentesting-cloud/azure-security/az-services/az-queue-enum.md)
     - [Az - Service Bus](pentesting-cloud/azure-security/az-services/az-servicebus-enum.md)
     - [Az - SQL](pentesting-cloud/azure-security/az-services/az-sql.md)
@@ -442,9 +445,12 @@
     - [Az - Primary Refresh Token (PRT)](pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-primary-refresh-token-prt.md)
   - [Az - Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/README.md)
     - [Az - Blob Storage Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-blob-storage-post-exploitation.md)
+    - [Az - CosmosDB](pentesting-cloud/azure-security/az-services/az-cosmosDB-post-exploitation.md)
     - [Az - File Share Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-file-share-post-exploitation.md)
     - [Az - Function Apps Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-function-apps-post-exploitation.md)
     - [Az - Key Vault Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-key-vault-post-exploitation.md)
+    - [Az - MySQL](pentesting-cloud/azure-security/az-services/az-mysql-post-exploitation.md)
+    - [Az - PostgreSQL](pentesting-cloud/azure-security/az-services/az-postgresql-post-exploitation.md)
     - [Az - Queue Storage Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-queue-post-exploitation.md)
     - [Az - Service Bus Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-servicebus-post-exploitation.md)
     - [Az - Table Storage Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-table-storage-post-exploitation.md)
@@ -454,17 +460,20 @@
     - [Az - Azure IAM Privesc (Authorization)](pentesting-cloud/azure-security/az-privilege-escalation/az-authorization-privesc.md)
     - [Az - App Services Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-app-services-privesc.md)
     - [Az - Automation Accounts Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md)
+    - [Az - CosmosDB](pentesting-cloud/azure-security/az-services/az-cosmosDB-privesc.md)
     - [Az - EntraID Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/README.md)
       - [Az - Conditional Access Policies & MFA Bypass](pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/az-conditional-access-policies-mfa-bypass.md)
       - [Az - Dynamic Groups Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-entraid-privesc/dynamic-groups.md)
     - [Az - Functions App Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md)
     - [Az - Key Vault Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-key-vault-privesc.md)
+    - [Az - MySQL](pentesting-cloud/azure-security/az-services/az-mysql-privesc.md)
+    - [Az - PostgreSQL](pentesting-cloud/azure-security/az-services/az-postgresql-privesc.md)
     - [Az - Queue Storage Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-queue-privesc.md)
     - [Az - Service Bus Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-servicebus-privesc.md)
-    - [Az - Virtual Machines & Network Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-virtual-machines-and-network-privesc.md)
     - [Az - Static Web App Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-static-web-apps-privesc.md)
     - [Az - Storage Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md)
     - [Az - SQL Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-sql-privesc.md)
+    - [Az - Virtual Machines & Network Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-virtual-machines-and-network-privesc.md)
   - [Az - Persistence](pentesting-cloud/azure-security/az-persistence/README.md)
     - [Az - Queue Storage Persistence](pentesting-cloud/azure-security/az-persistence/az-queue-persistance.md)
     - [Az - VMs Persistence](pentesting-cloud/azure-security/az-persistence/az-vms-persistence.md)
@@ -501,8 +510,8 @@
 
 # 🛫 Pentesting Network Services
 
-- [HackTricks Pentesting Network$$external:https://book.hacktricks.xyz/generic-methodologies-and-resources/pentesting-network$$]()
-- [HackTricks Pentesting Services$$external:https://book.hacktricks.xyz/network-services-pentesting/pentesting-ssh$$]()
+- [HackTricks Pentesting Network$$external:https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-network/index.html$$]()
+- [HackTricks Pentesting Services$$external:https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-ssh.html$$]()
 
 
 

src/pentesting-ci-cd/cloudflare-security/cloudflare-domains.md

@@ -24,7 +24,7 @@ In each TLD configured in Cloudflare there are some **general settings and servi
 - [ ] Check that **DNSSEC** is **enabled**
 - [ ] Check that **CNAME Flattening** is **used** in **all CNAMEs**
   - This is could be useful to **hide subdomain takeover vulnerabilities** and improve load timings
-- [ ] Check that the domains [**aren't vulnerable to spoofing**](https://book.hacktricks.xyz/network-services-pentesting/pentesting-smtp#mail-spoofing)
+- [ ] Check that the domains [**aren't vulnerable to spoofing**](https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-smtp/index.html#mail-spoofing)
 
 ### **Email**
 

src/pentesting-ci-cd/github-security/abusing-github-actions/README.md

@@ -553,7 +553,7 @@ docker pull ghcr.io/<org-name>/<repo_name>:<tag>
 Then, the user could search for **leaked secrets in the Docker image layers:**
 
 {{#ref}}
-https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics
+https://book.hacktricks.wiki/en/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.html
 {{#endref}}
 
 ### Sensitive info in Github Actions logs

src/pentesting-cloud/aws-security/README.md

@@ -37,7 +37,7 @@ From a Red Team point of view, the **first step to compromise an AWS environment
 - **Social** Engineering
 - **Password** reuse (password leaks)
 - Vulnerabilities in AWS-Hosted Applications
-  - [**Server Side Request Forgery**](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf) with access to metadata endpoint
+  - [**Server Side Request Forgery**](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html) with access to metadata endpoint
   - **Local File Read**
     - `/home/USERNAME/.aws/credentials`
     - `C:\Users\USERNAME\.aws\credentials`
@@ -67,7 +67,7 @@ aws-permissions-for-a-pentest.md
 If you found a SSRF in a machine inside AWS check this page for tricks:
 
 {{#ref}}
-https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
+https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
 {{#endref}}
 
 ### Whoami
@@ -147,7 +147,7 @@ As pentester/red teamer you should always check if you can find **sensitive info
 In this book you should find **information** about how to find **exposed AWS services and how to check them**. About how to find **vulnerabilities in exposed network services** I would recommend you to **search** for the specific **service** in:
 
 {{#ref}}
-https://book.hacktricks.xyz/
+https://book.hacktricks.wiki/
 {{#endref}}
 
 ## Compromising the Organization

src/pentesting-cloud/aws-security/aws-basic-information/aws-federation-abuse.md

@@ -7,7 +7,7 @@
 For info about SAML please check:
 
 {{#ref}}
-https://book.hacktricks.xyz/pentesting-web/saml-attacks
+https://book.hacktricks.wiki/en/pentesting-web/saml-attacks/index.html
 {{#endref}}
 
 In order to configure an **Identity Federation through SAML** you just need to provide a **name** and the **metadata XML** containing all the SAML configuration (**endpoints**, **certificate** with public key)

src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ec2-ebs-ssm-and-vpc-post-exploitation/README.md

@@ -113,7 +113,7 @@ One of the scenarios where this is useful is pivoting from a [Bastion Host](http
 aws ssm start-session --target "$INSTANCE_ID"
 ```
 
-3. Get the Bastion EC2 AWS temporary credentials with the [Abusing SSRF in AWS EC2 environment](https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf#abusing-ssrf-in-aws-ec2-environment) script
+3. Get the Bastion EC2 AWS temporary credentials with the [Abusing SSRF in AWS EC2 environment](https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#abusing-ssrf-in-aws-ec2-environment) script
 4. Transfer the credentials to your own machine in the `$HOME/.aws/credentials` file as `[bastion-ec2]` profile
 5. Log in to EKS as the Bastion EC2:
 

src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecr-post-exploitation.md

@@ -51,7 +51,7 @@ aws ecr get-download-url-for-layer \
 After downloading the images you should **check them for sensitive info**:
 
 {{#ref}}
-https://book.hacktricks.xyz/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics
+https://book.hacktricks.wiki/en/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.html
 {{#endref}}
 
 ### `ecr:PutLifecyclePolicy` | `ecr:DeleteRepository` | `ecr-public:DeleteRepository` | `ecr:BatchDeleteImage` | `ecr-public:BatchDeleteImage`

src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecs-post-exploitation.md

@@ -16,7 +16,7 @@ In ECS an **IAM role can be assigned to the task** running inside the container.
 Which means that if you manage to **compromise** an ECS instance you can potentially **obtain the IAM role associated to the ECR and to the EC2 instance**. For more info about how to get those credentials check:
 
 {{#ref}}
-https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf
+https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html
 {{#endref}}
 
 > [!CAUTION]

src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-lambda-privesc.md

@@ -194,7 +194,7 @@ aws --profile none-priv lambda update-function-configuration --function-name <fu
 For other scripting languages there are other env variables you can use. For more info check the subsections of scripting languages in:
 
 {{#ref}}
-https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse
+https://book.hacktricks.wiki/en/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/index.html
 {{#endref}}
 
 #### RCE via Lambda Layers

src/pentesting-cloud/aws-security/aws-services/aws-documentdb-enum.md

@@ -26,7 +26,7 @@ aws --region us-east-1 --profile ad docdb describe-db-cluster-snapshot-attribute
 As DocumentDB is a MongoDB compatible database, you can imagine it's also vulnerable to common NoSQL injection attacks:
 
 {{#ref}}
-https://book.hacktricks.xyz/pentesting-web/nosql-injection
+https://book.hacktricks.wiki/en/pentesting-web/nosql-injection.html
 {{#endref}}
 
 ### DocumentDB