Support # in refs

.gitignore

@@ -34,3 +34,4 @@ Temporary Items
 book
 book/*
 hacktricks-preprocessor.log
+hacktricks-preprocessor-error.log

hacktricks-preprocessor.py

@@ -7,7 +7,14 @@ from os import path
 from urllib.request import urlopen, Request
 
 logger = logging.getLogger(__name__)
-logging.basicConfig(filename='hacktricks-preprocessor.log', filemode='w', encoding='utf-8', level=logging.DEBUG)
+logger.setLevel(logging.DEBUG)
+handler = logging.FileHandler(filename='hacktricks-preprocessor.log', mode='w', encoding='utf-8')
+handler.setLevel(logging.DEBUG)
+logger.addHandler(handler)
+
+handler2 = logging.FileHandler(filename='hacktricks-preprocessor-error.log', mode='w', encoding='utf-8')
+handler2.setLevel(logging.ERROR)
+logger.addHandler(handler2)
 
 
 def findtitle(search ,obj, key, path=(),):
@@ -45,19 +52,29 @@ def ref(matchobj):
         try:
             if href.endswith("/"):
                 href = href+"README.md" # Fix if ref points to a folder
-            chapter, _path = findtitle(href, book, "source_path")
-            logger.debug(f'Recursive title search result: {chapter["name"]}')
-            title = chapter['name']
+            if "#" in  href:
+                chapter, _path = findtitle(href.split("#")[0], book, "source_path")
+                title = " ".join(href.split("#")[1].split("-")).title()
+                logger.debug(f'Ref has # using title: {title}')
+            else:
+                chapter, _path = findtitle(href, book, "source_path")
+                logger.debug(f'Recursive title search result: {chapter["name"]}')
+                title = chapter['name']
         except Exception as e:
             try:
                 dir = path.dirname(current_chapter['source_path'])
                 logger.debug(f'Error getting chapter title: {href} trying with relative path {path.normpath(path.join(dir,href))}')
-                chapter, _path = findtitle(path.normpath(path.join(dir,href)), book, "source_path")
-                logger.debug(f'Recursive title search result: {chapter["name"]}')
-                title = chapter['name']
+                if "#" in  href:
+                    chapter, _path = findtitle(path.normpath(path.join(dir,href.split('#')[0])), book, "source_path")
+                    title = " ".join(href.split("#")[1].split("-")).title()
+                    logger.debug(f'Ref has # using title: {title}')
+                else:
+                    chapter, _path = findtitle(path.normpath(path.join(dir,href.split('#')[0])), book, "source_path")
+                    title = chapter["name"]
+                    logger.debug(f'Recursive title search result: {chapter["name"]}')
             except Exception as e:
-                logger.debug(f'Error getting chapter title: {path.normpath(path.join(dir,href))}')
-                print(f'Error getting chapter title: {path.normpath(path.join(dir,href))}')
+                logger.debug(e)
+                logger.error(f'Error getting chapter title: {path.normpath(path.join(dir,href))}')
                 sys.exit(1)
 
 
@@ -85,13 +102,11 @@ def files(matchobj):
         
     except Exception as e:
         logger.debug(e)
-        logger.debug(f'Error searching file: {href}')
-        print(f'Error searching file: {href}')
+        logger.error(f'Error searching file: {href}')
         sys.exit(1)
 
         if title=="":
-            logger.debug(f'Error searching file: {href}')
-            print(f'Error searching file: {href}')
+            logger.error(f'Error searching file: {href}')
             sys.exit(1)
 
     template = f"""<a class="content_ref" href="/files/{href}"><span class="content_ref_label">{title}</span></a>"""
@@ -134,10 +149,11 @@ if __name__ == '__main__':
     for chapter in iterate_chapters(book['sections']):
         logger.debug(f"Chapter: {chapter['path']}")
         current_chapter = chapter
-        regex = r'{{[\s]*#ref[\s]*}}(?:\n)?([^\\\n]*)(?:\n)?{{[\s]*#endref[\s]*}}'
+        # regex = r'{{[\s]*#ref[\s]*}}(?:\n)?([^\\\n]*)(?:\n)?{{[\s]*#endref[\s]*}}'
+        regex = r'{{[\s]*#ref[\s]*}}(?:\n)?([^\\\n#]*(?:#(.*))?)(?:\n)?{{[\s]*#endref[\s]*}}'
         new_content = re.sub(regex, ref, chapter['content'])
         regex = r'{{[\s]*#file[\s]*}}(?:\n)?([^\\\n]*)(?:\n)?{{[\s]*#endfile[\s]*}}'
-        new_content = re.sub(regex, files, chapter['content'])
+        new_content = re.sub(regex, files, new_content)
         new_content = add_read_time(new_content)
         chapter['content'] = new_content
 

src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-s3-privesc.md

@@ -62,7 +62,7 @@ So, if you have the permissions listed over these files, there is an attack vect
 Follow the description in the *Abusing Terraform State Files* section of the *Terraform Security* page for directly usable exploit code:
 
 {{#ref}}
-terraform-security.md#abusing-terraform-state-files
+pentesting-ci-cd/terraform-security.md#abusing-terraform-state-files
 {{#endref}}
 
 ### `s3:PutBucketPolicy`
@@ -194,6 +194,3 @@ aws s3api put-object-acl --bucket <bucket-name> --key flag --version-id <value>
 ```
 
 {{#include ../../../banners/hacktricks-training.md}}
-
-
-

src/pentesting-cloud/azure-security/az-privilege-escalation/az-app-services-privesc.md

@@ -7,7 +7,7 @@
 For more information about Azure App services check:
 
 {{#ref}}
-../az-services/az-app-service.md
+../az-services/az-app-services.md
 {{#endref}}
 
 ### Microsoft.Web/sites/publish/Action, Microsoft.Web/sites/basicPublishingCredentialsPolicies/read, Microsoft.Web/sites/config/read, Microsoft.Web/sites/read
@@ -37,11 +37,11 @@ ssh root@127.0.0.1 -p 39895
 ```
 
 - **Debug the application**:
-    1. Install the Azure extension in VScode.
-    2. Login in the extension with the Azure account.
-    3. List all the App services inside the subscription.
-    4. Select the App service you want to debug, right click and select "Start Debugging".
-    5. If the app doesn't have debugging enabled, the extension will try to enable it but your account needs the permission `Microsoft.Web/sites/config/write` to do so.
+  1. Install the Azure extension in VScode.
+  2. Login in the extension with the Azure account.
+  3. List all the App services inside the subscription.
+  4. Select the App service you want to debug, right click and select "Start Debugging".
+  5. If the app doesn't have debugging enabled, the extension will try to enable it but your account needs the permission `Microsoft.Web/sites/config/write` to do so.
 
 ### Obtaining SCM Credentials & Enabling Basic Authentication
 
@@ -141,7 +141,6 @@ Remember that to access the SCM platform from the **web you need to access to `<
 > [!WARNING]
 > Note that every user can configure it's own credentials calling the previous command, but if the user doesn't have enough permissions to access the SCM or FTP, the credentials won't work.
 
-
 - If you see that those credentials are **REDACTED**, it's because you **need to enable the SCM basic authentication option** and for that you need the second permission (`Microsoft.Web/sites/basicPublishingCredentialsPolicies/write`):
 
 ```bash
@@ -193,7 +192,7 @@ curl "<SCM-URL>/vfs/data/jobs/continuous/job_name/job_log.txt" \
 ```
 
 - Read **Webjobs** source code:
-    
+
 ```bash
 # Using SCM username and password:
 # Find all the webjobs inside:
@@ -282,7 +281,7 @@ curl -H "Authorization: Bearer <token>" \
 - If the configured source is a third-party provider like Github, BitBucket or an Azure Repository, you can **update the code** of the App service by compromising the source code in the repository.
 - If the app is configured using a **remote git repository** (with username and password), it's possible to get the **URL and basic auth credentials** to clone and push changes with:
   - Using the permission **`Microsoft.Web/sites/sourcecontrols/read`**: `az webapp deployment source show --name <app-name> --resource-group <res-group>`
-  - Using the permission **`Microsoft.Web/sites/config/list/action`**: 
+  - Using the permission **`Microsoft.Web/sites/config/list/action`**:
     - `az webapp deployment list-publishing-credentials --name <app-name> --resource-group <res-group>`
     - `az rest --method POST --url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/config/metadata/list?api-version=2022-03-01" --resource "https://management.azure.com"`
 - If the app is configured to use a **local git repository**, it's possible to **clone the repository** and **push changes** to it:
@@ -308,8 +307,4 @@ az webapp config container set \
     --docker-custom-image-name mcr.microsoft.com/appsvc/staticsite:latest
 ```
 
-
 {{#include ../../../banners/hacktricks-training.md}}
-
-
-

src/pentesting-cloud/azure-security/az-services/az-function-apps.md

@@ -99,7 +99,7 @@ When creating an endpoint inside a function using a **HTTP trigger** it's possib
 Just like in App Services, Functions also support basic authentication to connect to **SCM** and **FTP** to deploy code using a **username and password in a URL** provided by Azure. More information about it in:
 
 {{#ref}}
-az-app-service.md
+az-app-services.md
 {{#endref}}
 
 ### Github Based Deployments
@@ -264,6 +264,3 @@ az rest --url "https://management.azure.com/<subscription>/resourceGroups/<res-g
 - [https://learn.microsoft.com/en-us/azure/azure-functions/functions-openapi-definition](https://learn.microsoft.com/en-us/azure/azure-functions/functions-openapi-definition)
 
 {{#include ../../../banners/hacktricks-training.md}}
-
-
-