Merge pull request #991 from HackTricks-wiki/fix-embeded-urls

Fix embed urls
HackTricks-wiki · Jan 3, 2025 · a547172 · a547172
2 parents e4478ac + b6fbc1d
commit a547172
Show file tree

Hide file tree

Showing 71 changed files with 463 additions and 427 deletions.
diff --git a/hacktricks-preprocessor.py b/hacktricks-preprocessor.py
@@ -69,6 +69,12 @@ def ref(matchobj):
     return result
 
 
+def add_read_time(content):
+    regex = r'(<\/style>\n# .*(?=\n))'
+    new_content = re.sub(regex, lambda x: x.group(0) + "\n\nReading time: {{ #reading_time }}", content)
+    return new_content
+
+
 def iterate_chapters(sections):
     if isinstance(sections, dict) and "PartTitle" in sections: # Not a chapter section
         return
@@ -99,6 +105,7 @@ def iterate_chapters(sections):
         current_chapter = chapter
         regex = r'{{[\s]*#ref[\s]*}}(?:\n)?([^\\\n]*)(?:\n)?{{[\s]*#endref[\s]*}}'
         new_content = re.sub(regex, ref, chapter['content'])
+        new_content = add_read_time(new_content)
         chapter['content'] = new_content
 
     content = json.dumps(book)

diff --git a/src/README.md b/src/README.md
@@ -1,13 +1,10 @@
 # HackTricks
 
-Reading time: {{ #reading_time }}
-
 <figure><img src="images/hacktricks.gif" alt=""><figcaption></figcaption></figure>
 
 _Hacktricks logos & motion design by_ [_@ppiernacho_](https://www.instagram.com/ppieranacho/)_._
 
-> [!TIP]
-> **Welcome to the wiki where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news.**
+> [!TIP] > **Welcome to the wiki where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news.**
 
 To get started follow this page where you will find the **typical flow** that **you should follow when pentesting** one or more **machines:**
 
@@ -35,7 +32,9 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
 
 [**RootedCON**](https://www.rootedcon.com) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
 
-{% embed url="https://www.rootedcon.com/" %}
+{{#ref}}
+https://www.rootedcon.com/
+{{#endref}}
 
 ---
 
@@ -47,7 +46,9 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
 
 **Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**!
 
-{% embed url="https://go.intigriti.com/hacktricks" %}
+{{#ref}}
+https://go.intigriti.com/hacktricks
+{{#endref}}
 
 ---
 
@@ -60,7 +61,9 @@ Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banne
 
 Get Access Today:
 
-{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+{{#ref}}
+https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks
+{{#endref}}
 
 ---
 
@@ -86,7 +89,9 @@ Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to
 
 **Find and report critical, exploitable vulnerabilities with real business impact.** Use our 20+ custom tools to map the attack surface, find security issues that let you escalate privileges, and use automated exploits to collect essential evidence, turning your hard work into persuasive reports.
 
-{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
+{{#ref}}
+https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons
+{{#endref}}
 
 ---
 
@@ -111,7 +116,9 @@ You can **create a free account** [**here**](https://serpapi.com/users/sign_up)*
 
 Learn the technologies and skills required to perform vulnerability research, penetration testing, and reverse engineering to protect mobile applications and devices. **Master iOS and Android security** through our on-demand courses and **get certified**:
 
-{% embed url="https://academy.8ksec.io/" %}
+{{#ref}}
+https://academy.8ksec.io/
+{{#endref}}
 
 ---
 
@@ -127,7 +134,9 @@ Another cool thing about WebSec is that unlike the industry average WebSec is **
 
 In addition to the above WebSec is also a **committed supporter of HackTricks.**
 
-{% embed url="https://www.youtube.com/watch?v=Zq2JycGDCPM" %}
+{{#ref}}
+https://www.youtube.com/watch?v=Zq2JycGDCPM
+{{#endref}}
 
 ## License & Disclaimer
 
@@ -143,5 +152,3 @@ welcome/hacktricks-values-and-faq.md
 
 {{#include ./banners/hacktricks-training.md}}
 
-
-
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md b/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md
@@ -17,7 +17,9 @@ Usually, all these structures are faked by making an **initial ROP chain that ca
 
 Chek this video for a nice explanation about this technique in the second half of the video:
 
-{% embed url="https://youtu.be/ADULSwnQs-s?feature=shared" %}
+{{#ref}}
+https://youtu.be/ADULSwnQs-s?feature=shared
+{{#endref}}
 
 Or check these pages for a step-by-step explanation:
 
@@ -196,5 +198,3 @@ target.interactive()
 
 {{#include ../../banners/hacktricks-training.md}}
 
-
-
diff --git a/...on/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md b/...on/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md
@@ -59,7 +59,9 @@ If you are curious this is the **sigcontext structure** stored in the stack to l
 
 For a better explanation check also:
 
-{% embed url="https://youtu.be/ADULSwnQs-s?feature=shared" %}
+{{#ref}}
+https://youtu.be/ADULSwnQs-s?feature=shared
+{{#endref}}
 
 ## Example
 
@@ -144,5 +146,3 @@ target.interactive()
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-
-
diff --git a/src/burp-suite.md b/src/burp-suite.md
@@ -10,11 +10,10 @@
 
 [https://github.com/0xC01DF00D/Collabfiltrator](https://github.com/0xC01DF00D/Collabfiltrator) : Payload to execute commands and grab the output via DNS requests to burpcollab.
 
-{% embed url="https://medium.com/@ArtsSEC/burp-suite-exporter-462531be24e" %}
+{{#ref}}
+https://medium.com/@ArtsSEC/burp-suite-exporter-462531be24e
+{{#endref}}
 
 [https://github.com/h3xstream/http-script-generator](https://github.com/h3xstream/http-script-generator)
 
 {{#include ./banners/hacktricks-training.md}}
-
-
-
diff --git a/src/crypto-and-stego/esoteric-languages.md b/src/crypto-and-stego/esoteric-languages.md
@@ -52,7 +52,9 @@ Take it to the top
 Whisper my world
 ```
 
-{% embed url="https://codewithrockstar.com/" %}
+{{#ref}}
+https://codewithrockstar.com/
+{{#endref}}
 
 ## PETOOH
 
@@ -68,5 +70,3 @@ Kukarek
 
 {{#include ../banners/hacktricks-training.md}}
 
-
-
diff --git a/src/crypto-and-stego/hash-length-extension-attack.md b/src/crypto-and-stego/hash-length-extension-attack.md
@@ -29,13 +29,13 @@ If an attacker wants to append the string "append" he can:
 
 ### **Tool**
 
-{% embed url="https://github.com/iagox86/hash_extender" %}
+{{#ref}}
+https://github.com/iagox86/hash_extender
+{{#endref}}
 
 ### References
 
 You can find this attack good explained in [https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks)
 
 {{#include ../banners/hacktricks-training.md}}
 
-
-
diff --git a/src/crypto-and-stego/rc4-encrypt-and-decrypt.md b/src/crypto-and-stego/rc4-encrypt-and-decrypt.md
@@ -4,11 +4,13 @@ If you can somehow encrypt a plaintext using RC4, you can decrypt any content en
 
 If you can encrypt a known plaintext you can also extract the password. More references can be found in the HTB Kryptos machine:
 
-{% embed url="https://0xrick.github.io/hack-the-box/kryptos/" %}
+{{#ref}}
+https://0xrick.github.io/hack-the-box/kryptos/
+{{#endref}}
 
-{% embed url="https://0xrick.github.io/hack-the-box/kryptos/" %}
+{{#ref}}
+https://0xrick.github.io/hack-the-box/kryptos/
+{{#endref}}
 
 {{#include ../banners/hacktricks-training.md}}
 
-
-
diff --git a/src/cryptography/hash-length-extension-attack.md b/src/cryptography/hash-length-extension-attack.md
@@ -27,13 +27,12 @@ If an attacker wants to append the string "append" he can:
 
 ## **Tool**
 
-{% embed url="https://github.com/iagox86/hash_extender" %}
+{{#ref}}
+https://github.com/iagox86/hash_extender
+{{#endref}}
 
 ## References
 
 You can find this attack good explained in [https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks)
 
 {{#include ../banners/hacktricks-training.md}}
-
-
-
diff --git a/src/cryptography/rc4-encrypt-and-decrypt.md b/src/cryptography/rc4-encrypt-and-decrypt.md
@@ -4,11 +4,13 @@ If you can somehow encrypt a plaintext using RC4, you can decrypt any content en
 
 If you can encrypt a known plaintext you can also extract the password. More references can be found in the HTB Kryptos machine:
 
-{% embed url="https://0xrick.github.io/hack-the-box/kryptos/" %}
+{{#ref}}
+https://0xrick.github.io/hack-the-box/kryptos/
+{{#endref}}
 
-{% embed url="https://0xrick.github.io/hack-the-box/kryptos/" %}
+{{#ref}}
+https://0xrick.github.io/hack-the-box/kryptos/
+{{#endref}}
 
 {{#include ../banners/hacktricks-training.md}}
 
-
-
diff --git a/src/generic-methodologies-and-resources/external-recon-methodology/README.md b/src/generic-methodologies-and-resources/external-recon-methodology/README.md
@@ -2,7 +2,6 @@
 
 {{#include ../../banners/hacktricks-training.md}}
 
-
 ## Assets discoveries
 
 > So you were said that everything belonging to some company is inside the scope, and you want to figure out what this company actually owns.
@@ -199,8 +198,6 @@ Check for some [domain takeover](../../pentesting-web/domain-subdomain-takeover.
 If you find any **domain with an IP different** from the ones you already found in the assets discovery, you should perform a **basic vulnerability scan** (using Nessus or OpenVAS) and some [**port scan**](../pentesting-network/#discovering-hosts-from-the-outside) with **nmap/masscan/shodan**. Depending on which services are running you can find in **this book some tricks to "attack" them**.\
 &#xNAN;_&#x4E;ote that sometimes the domain is hosted inside an IP that is not controlled by the client, so it's not in the scope, be careful._
 
-
-
 ## Subdomains
 
 > We know all the companies inside the scope, all the assets of each company and all the domains related to the companies.
@@ -482,9 +479,13 @@ echo www | subzuf facebook.com
 
 Check this blog post I wrote about how to **automate the subdomain discovery** from a domain using **Trickest workflows** so I don't need to launch manually a bunch of tools in my computer:
 
-{% embed url="https://trickest.com/blog/full-subdomain-discovery-using-workflow/" %}
+{{#ref}}
+https://trickest.com/blog/full-subdomain-discovery-using-workflow/
+{{#endref}}
 
-{% embed url="https://trickest.com/blog/full-subdomain-brute-force-discovery-using-workflow/" %}
+{{#ref}}
+https://trickest.com/blog/full-subdomain-brute-force-discovery-using-workflow/
+{{#endref}}
 
 ### **VHosts / Virtual Hosts**
 
@@ -708,8 +709,5 @@ There are several tools out there that will perform part of the proposed actions
 
 - All free courses of [**@Jhaddix**](https://twitter.com/Jhaddix) like [**The Bug Hunter's Methodology v4.0 - Recon Edition**](https://www.youtube.com/watch?v=p4JgIu1mceI)
 
-
 {{#include ../../banners/hacktricks-training.md}}
 
-
-
diff --git a/src/linux-hardening/privilege-escalation/README.md b/src/linux-hardening/privilege-escalation/README.md
@@ -1049,9 +1049,13 @@ The project collects legitimate functions of Unix binaries that can be abused to
 > strace -o /dev/null /bin/sh\
 > sudo awk 'BEGIN {system("/bin/sh")}'
 
-{% embed url="https://gtfobins.github.io/" %}
+{{#ref}}
+https://gtfobins.github.io/
+{{#endref}}
 
-{% embed url="https://gtfoargs.github.io/" %}
+{{#ref}}
+https://gtfoargs.github.io/
+{{#endref}}
 
 ### FallOfSudo
 
@@ -1656,5 +1660,3 @@ cisco-vmanage.md
 
 {{#include ../../banners/hacktricks-training.md}}
 
-
-
diff --git a/src/linux-hardening/privilege-escalation/docker-security/README.md b/src/linux-hardening/privilege-escalation/docker-security/README.md
@@ -341,13 +341,17 @@ In Kubernetes environments, secrets are natively supported and can be further ma
 
 **gVisor** is an application kernel, written in Go, that implements a substantial portion of the Linux system surface. It includes an [Open Container Initiative (OCI)](https://www.opencontainers.org) runtime called `runsc` that provides an **isolation boundary between the application and the host kernel**. The `runsc` runtime integrates with Docker and Kubernetes, making it simple to run sandboxed containers.
 
-{% embed url="https://github.com/google/gvisor" %}
+{{#ref}}
+https://github.com/google/gvisor
+{{#endref}}
 
 ### Kata Containers
 
 **Kata Containers** is an open source community working to build a secure container runtime with lightweight virtual machines that feel and perform like containers, but provide **stronger workload isolation using hardware virtualization** technology as a second layer of defense.
 
-{% embed url="https://katacontainers.io/" %}
+{{#ref}}
+https://katacontainers.io/
+{{#endref}}
 
 ### Summary Tips
 
@@ -403,8 +407,5 @@ authz-and-authn-docker-access-authorization-plugin.md
 - [https://towardsdatascience.com/top-20-docker-security-tips-81c41dd06f57](https://towardsdatascience.com/top-20-docker-security-tips-81c41dd06f57)
 - [https://resources.experfy.com/bigdata-cloud/top-20-docker-security-tips/](https://resources.experfy.com/bigdata-cloud/top-20-docker-security-tips/)
 
-
 {{#include ../../../banners/hacktricks-training.md}}
 
-
-
diff --git a/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md b/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
@@ -241,9 +241,13 @@ Finally, if you don't like any of the suggestions of before, or they aren't work
 
 If you have write permissions over the docker socket read [**this post about how to escalate privileges abusing the docker socket**](../#writable-docker-socket)**.**
 
-{% embed url="https://github.com/KrustyHack/docker-privilege-escalation" %}
+{{#ref}}
+https://github.com/KrustyHack/docker-privilege-escalation
+{{#endref}}
 
-{% embed url="https://fosterelli.co/privilege-escalation-via-docker.html" %}
+{{#ref}}
+https://fosterelli.co/privilege-escalation-via-docker.html
+{{#endref}}
 
 ## lxc/lxd Group
 
@@ -263,5 +267,3 @@ These permissions may be abused with the following exploit to **escalate privile
 
 {{#include ../../../banners/hacktricks-training.md}}
 
-
-
diff --git a/src/linux-unix/privilege-escalation/interesting-groups-linux-pe.md b/src/linux-unix/privilege-escalation/interesting-groups-linux-pe.md
@@ -1,7 +1,5 @@
-
 {{#include ../../banners/hacktricks-training.md}}
 
-
 # Sudo/Admin Groups
 
 ## **PE - Method 1**
@@ -158,16 +156,17 @@ find / -group root -perm -g=w 2>/dev/null
 
 You can mount the root filesystem of the host machine to an instance’s volume, so when the instance starts it immediately loads a `chroot` into that volume. This effectively gives you root on the machine.
 
-{% embed url="https://github.com/KrustyHack/docker-privilege-escalation" %}
+{{#ref}}
+https://github.com/KrustyHack/docker-privilege-escalation
+{{#endref}}
 
-{% embed url="https://fosterelli.co/privilege-escalation-via-docker.html" %}
+{{#ref}}
+https://fosterelli.co/privilege-escalation-via-docker.html
+{{#endref}}
 
 # lxc/lxd Group
 
 [lxc - Privilege Escalation](lxd-privilege-escalation.md)
 
-
 {{#include ../../banners/hacktricks-training.md}}
 
-
-