Fix links and update search index url

2025-12-12 15:50:19 -08:00 · 2025-02-12 14:47:59 +01:00
parent 0d26e5ed8c
commit 92b3c384c8
4 changed files with 21 additions and 31 deletions
--- a/src/pentesting-cloud/azure-security/az-services/az-automation-accounts.md
+++ b/src/pentesting-cloud/azure-security/az-services/az-automation-accounts.md
@@ -1,6 +1,6 @@
 # Az - Automation Accounts

-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}

 ## Basic Information

@@ -59,7 +59,6 @@ When creating a Runbook it's possible to select the runtime environment. By defa

 However, it's also possible to **create your own environments**, using one of these as a base. In the case of python, it's possible to upload `.whl` packages to the environment that will be used. In the case of PowerShell, it's possible to upload `.zip` packages with the modules to have in the runtime.

-
 ### Hybrid Worker Groups

 In Azure Automation, the default execution environment for runbooks is the **Azure Sandbox**, a cloud-based platform managed by Azure, suitable for tasks involving Azure resources. However, this sandbox has limitations, such as restricted access to on-premises resources and constraints on execution time and resource usage. To overcome these limitations, Hybrid Worker Groups are employed. A Hybrid Worker Group consists of **one or more Hybrid Runbook Workers installed on your own machines**, whether on-premises, in other cloud environments or Azure VMs. This setup allows runbooks to execute directly on these machines, providing direct access to local resources, the ability to run longer and more resource-intensive tasks, and the flexibility to interact with environments beyond Azure's immediate reach.
@@ -78,14 +77,13 @@ Moreover, if the hybrid worker is running in Azure with other Managed Identities

 ### State Configuration (SC)

->[!WARNING]
+> [!WARNING]
 > As indicated in [the docs](https://learn.microsoft.com/en-us/azure/automation/automation-dsc-overview), Azure Automation State Configuration will be retired on September 30, 2027 and replaced by [Azure Machine Configuration](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview).

 Automation Accounts also support **State Configuration (SC)**, which is a feature that helps **configure** and **maintain** the **state** of your VMs. It's possible to **create** and **apply** DSC configurations to **Windows** and **Linux** machines.

 From an attackers perspective this was interesting because it allowed to **execute arbitrary PS code in all the configured VMs** allowing to escalate privileges to the managed identities of these VMs, potentially pivoting to new networks... Also, the configurations could contain **sensitive info**.

-
 ## Enumeration

 ```bash
@@ -242,7 +240,4 @@ Get-AzAutomationHybridWorkerGroup -AutomationAccountName <AUTOMATION-ACCOUNT> -R
 - [https://learn.microsoft.com/en-us/azure/automation/automation-dsc-overview](https://learn.microsoft.com/en-us/azure/automation/automation-dsc-overview)
 - [https://github.com/rootsecdev/Azure-Red-Team#runbook-automation](https://github.com/rootsecdev/Azure-Red-Team#runbook-automation)

-{{#include ../../../../banners/hacktricks-training.md}}
-
-
-
+{{#include ../../../banners/hacktricks-training.md}}
--- a/src/pentesting-cloud/azure-security/az-services/az-container-instances.md
+++ b/src/pentesting-cloud/azure-security/az-services/az-container-instances.md
@@ -1,28 +1,26 @@
 # Az - Container Instances

-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}

 ## Basic Information

-Azure Container Instances (ACI) provide a **serverless, on-demand way** to run **containers** in the Azure cloud. You can **deploy** single or multiple containers in a group with **scalable compute**, **networking options**, and the flexibility to connect to **other Azure services** (like Storage, Virtual Networks, or Container Registries). 
+Azure Container Instances (ACI) provide a **serverless, on-demand way** to run **containers** in the Azure cloud. You can **deploy** single or multiple containers in a group with **scalable compute**, **networking options**, and the flexibility to connect to **other Azure services** (like Storage, Virtual Networks, or Container Registries).

 As they are **ephemeral** workloads, you don't need to manage the underlying VM infrastructure — Azure handles that for you. However, from an **offensive security perspective**, it's crucial to understand how **permissions**, **identities**, **network configurations**, and **logs** can reveal attack surfaces and potential misconfigurations.

-
 ### Configurations

 - In order to create a container it's possible to use a public image, a container image from an Azure Container Registry or an external repository, which might **require to configure a password** to access it.
 - Regarding networking it can also have a **public IP** or be **private endpoints**.
 - It's also possible to configure common docker settings like:
-    - **Environment variables**
-    - **Volumes** (even from Azure Files)
-    - **Ports**
-    - **CPU and memory limits**
-    - **Restart policy**
-    - **Run as privileged**
-    - **Command line to run**
-    - ...
-
+  - **Environment variables**
+  - **Volumes** (even from Azure Files)
+  - **Ports**
+  - **CPU and memory limits**
+  - **Restart policy**
+  - **Run as privileged**
+  - **Command line to run**
+  - ...

 ## Enumeration

@@ -44,4 +42,4 @@ az container exec --name <container-name> --resource-group <res-group> --exec-co

 # Get yaml configuration of the container group
 az container export  --name <container-name> --resource-group <res-group>
-```
+```
--- a/src/pentesting-cloud/azure-security/az-services/az-container-registry.md
+++ b/src/pentesting-cloud/azure-security/az-services/az-container-registry.md
@@ -1,6 +1,6 @@
 # Az - Container Registry

-{{#include ../../../../banners/hacktricks-training.md}}
+{{#include ../../../banners/hacktricks-training.md}}

 ## Basic Information

@@ -20,7 +20,7 @@ These are the **different permissions** [according to the docs](https://learn.mi

 There are also some **built-in roles** that can be assigned, and it's also possible to create **custom roles**.

-![](</images/registry_roles.png>)
+![](/images/registry_roles.png)

 ### Authentication

@@ -61,7 +61,7 @@ Only the **Premium SKU** supports **private endpoints**. The other ones only sup

 ### Microsoft Defender for Cloud

-This allows you to **scan the images** in the registry for **vulnerabilities**. 
+This allows you to **scan the images** in the registry for **vulnerabilities**.

 ### Soft-delete

@@ -69,7 +69,7 @@ The **soft-delete** feature allows you to **recover a deleted registry** within

 ### Webhooks

-It's possible to **create webhooks** inside registries. In this webhook it's needed to specify the URL where a **request will be sent whenever a push or delete action is performed**. Moreover, Webhooks can indicate a scope to indicate the repositories (images) that will be affected. For example, 'foo:*' means events under repository 'foo'.
+It's possible to **create webhooks** inside registries. In this webhook it's needed to specify the URL where a **request will be sent whenever a push or delete action is performed**. Moreover, Webhooks can indicate a scope to indicate the repositories (images) that will be affected. For example, 'foo:\*' means events under repository 'foo'.

 From an attackers perspective it's interesting to check this **before performing any action** in the registry, and remove it terporarely if needed, to avoid being detected.

@@ -160,7 +160,4 @@ az acr cache show --name <cache-name> --registry <registry-name>
 - [https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli)
 - [https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli#access-resource-manager](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli#access-resource-manager)

-{{#include ../../../../banners/hacktricks-training.md}}
-
-
-
+{{#include ../../../banners/hacktricks-training.md}}
--- a/theme/ht_searcher.js
+++ b/theme/ht_searcher.js
@@ -471,12 +471,12 @@ window.search = window.search || {};
        showResults(true);
    }

-    fetch(path_to_root + 'searchindex.json')
+    fetch('https://raw.githubusercontent.com/HackTricks-wiki/hacktricks-cloud/refs/heads/master/searchindex.json')
        .then(response => response.json())
        .then(json => init(json))        
        .catch(error => { // Try to load searchindex.js if fetch failed
            var script = document.createElement('script');
-            script.src = path_to_root + 'searchindex.js';
+            script.src = 'https://raw.githubusercontent.com/HackTricks-wiki/hacktricks-cloud/refs/heads/master/searchindex.js';
            script.onload = () => init(window.search);
            document.head.appendChild(script);
        });