From 4d81e00a8be6c4825882ce465dd04443efaf8055 Mon Sep 17 00:00:00 2001 From: Translator Date: Mon, 17 Feb 2025 18:21:38 +0000 Subject: [PATCH] Translated ['src/pentesting-cloud/azure-security/az-persistence/az-autom --- src/SUMMARY.md | 1 + .../az-automation-accounts-persistence.md | 35 +++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 src/pentesting-cloud/azure-security/az-persistence/az-automation-accounts-persistence.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index c53000a33..227605b06 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -487,6 +487,7 @@ - [Az - SQL Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-sql-privesc.md) - [Az - Virtual Machines & Network Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-virtual-machines-and-network-privesc.md) - [Az - Persistence](pentesting-cloud/azure-security/az-persistence/README.md) + - [Az - Automation Accounts Persistence](pentesting-cloud/azure-security/az-persistence/az-automation-accounts-persistence.md) - [Az - Cloud Shell Persistence](pentesting-cloud/azure-security/az-persistence/az-cloud-shell-persistence.md) - [Az - Queue Storage Persistence](pentesting-cloud/azure-security/az-persistence/az-queue-persistance.md) - [Az - VMs Persistence](pentesting-cloud/azure-security/az-persistence/az-vms-persistence.md) diff --git a/src/pentesting-cloud/azure-security/az-persistence/az-automation-accounts-persistence.md b/src/pentesting-cloud/azure-security/az-persistence/az-automation-accounts-persistence.md new file mode 100644 index 000000000..482e4008e --- /dev/null +++ b/src/pentesting-cloud/azure-security/az-persistence/az-automation-accounts-persistence.md 
@@ -0,0 +1,35 @@ +# Az - Automation Accounts Persistence + +{{#include ../../../banners/hacktricks-training.md}} + +## Storage Privesc + +Kwa maelezo zaidi kuhusu Akaunti za Uendeshaji angalia: + +{{#ref}} +../az-services/az-automation-accounts.md +{{#endref}} + + +### Backdoor existing runbook + +Ikiwa mshambuliaji ana ufikiaji wa akaunti ya uendeshaji, anaweza **kuongeza backdoor** kwenye runbook iliyopo ili **kuhifadhi uthibitisho** na **kuhamasisha data** kama tokens kila wakati runbook inatekelezwa. + +### Schedules & Webhooks + +Unda au badilisha Runbook iliyopo na ongeza ratiba au webhook kwake. Hii itamruhusu mshambuliaji **kuhifadhi uthibitisho hata kama ufikiaji wa mazingira umepotea** kwa kutekeleza backdoor ambayo inaweza kuwa inavuja tokens kutoka MI kwa nyakati maalum au wakati wowote anapotaka kwa kutuma ombi kwa webhok. + +### Malware inside a VM used in a hybrid worker group + +Ikiwa VM inatumika kama kikundi cha wafanyakazi wa mchanganyiko, mshambuliaji anaweza **kusanidi malware** ndani ya VM ili **kuhifadhi uthibitisho** na **kuhamasisha data** kama tokens kwa utambulisho wa kusimamiwa uliotolewa kwa VM na kwa akaunti ya uendeshaji kwa kutumia VM. + +### Custom environment packages + +Ikiwa akaunti ya uendeshaji inatumia pakiti za kawaida katika mazingira maalum, mshambuliaji anaweza **kubadilisha pakiti** ili **kuhifadhi uthibitisho** na **kuhamasisha data** kama tokens. Hii pia itakuwa njia ya siri ya kuhifadhi uthibitisho kwani pakiti za kawaida zilizopakiwa kwa mikono mara nyingi hazikaguliwi kwa msimbo mbaya. + +### Compromise external repos + +Ikiwa akaunti ya uendeshaji inatumia repos za nje kuhifadhi msimbo kama Github, mshambuliaji anaweza **kudhoofisha repo** ili **kuhifadhi uthibitisho** na **kuhamasisha data** kama tokens. Hii ni ya kuvutia hasa ikiwa toleo la hivi karibuni la msimbo linasawazishwa kiotomatiki na runbook. + + +{{#include ../../../banners/hacktricks-training.md}}
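Review bot: The section heading `## Storage Privesc` near the top of the new az-automation-accounts-persistence.md does not match the page, whose title and every subsection concern Automation Accounts persistence. It looks carried over from another page and should be renamed to match the title or dropped. In the "Schedules & Webhooks" paragraph, `webhok` should be `webhook`. The translated body also loses the security meaning of several terms. `kuhifadhi uthibitisho` reads as "preserve confirmation" on a page about persistence. `kuhamasisha data` reads as "mobilise data", although the same hunk uses `inavuja tokens` for leaking tokens. `pakiti za kawaida` ("ordinary packages") sits under the heading "Custom environment packages". These terms should be corrected consistently across all five subsections before merge.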