Merge pull request #176 from JaimePolop/master

changes
SirBroccoli
2025-04-02 17:49:38 +02:00
committed by GitHub
4 changed files with 35 additions and 1 deletions
@@ -108,6 +108,13 @@ This permission allows a principal to restore a secret from a backup.
az keyvault secret restore --vault-name <vault-name> --file <backup-file-path>
```
### Microsoft.KeyVault/vaults/keys/recover/action
Allows recovery of a previously deleted key from an Azure Key Vault
```bash
az keyvault secret recover --vault-name <vault-name> --name <secret-name>
```
{{#include ../../../banners/hacktricks-training.md}}
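Review bot: The command under the new Microsoft.KeyVault/vaults/keys/recover/action heading recovers a secret, not a key: it calls `az keyvault secret recover` with a `<secret-name>` placeholder, while the heading and the description are both about a previously deleted key. Use `az keyvault key recover --vault-name <vault-name> --name <key-name>` so the example matches the permission it documents, and end the description sentence with a period like the neighbouring sections do.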
@@ -201,6 +201,14 @@ It looks like with these permissions it should be possibel to start a job. This
I haven't managed to make it work but according to the allowed parameters it should be possible.
### Microsoft.ContainerInstance/containerGroups/restart/action
Allows restarting a specific container group within Azure Container Instances.
```bash
az container restart --resource-group <resource-group> --name <container-instances>
```
{{#include ../../../banners/hacktricks-training.md}}
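Review bot: The `--name` placeholder in the `az container restart` example is `<container-instances>`, which reads as the service name rather than the name of one container group; `<container-group-name>` would match the description ("a specific container group"). The section also only restates what the action does, so a sentence on what a restart gives the principal holding this permission would bring it in line with the other entries.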
@@ -106,7 +106,7 @@ curl -X PUT "https://functions.azure.com/api/github/updateGitHubContent" \
```
### `Microsoft.Web/staticSites/config/write`
### Microsoft.Web/staticSites/config/write
With this permission, it's possible to **modify the password** protecting a static web app or even unprotect every environment by sending a request such as the following:
@@ -125,6 +125,8 @@ az rest --method put \
}
}'
# Remove the need of a password
az rest --method put \
--url "/subscriptions/<subcription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/config/basicAuth?api-version=2021-03-01" \
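Review bot: The added comment `# Remove the need of a password` should read "Remove the need for a password". Since this change already touches the command directly below it, the `<subcription-id>` placeholder in the `--url` line could be corrected to `<subscription-id>` in the same commit.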
@@ -387,6 +387,23 @@ az vm user update \
--password <NEW_PASSWORD>
```
### Microsoft.Compute/virtualMachines/write, "Microsoft.Compute/virtualMachines/read", "Microsoft.Compute/disks/read", "Microsoft.Network/networkInterfaces/read", "Microsoft.Network/networkInterfaces/join/action", "Microsoft.Compute/disks/write".
These permissions allow you to manage, disks, and network interfaces, and, they enable you to attach a disk to a virtual machine.
```bash
# Update the disk's network access policy
az disk update \
--name <disk-name> \
--resource-group <resource-group-name> \
--network-access-policy AllowAll
# Attach the disk to a virtual machine
az vm disk attach \
--vm-name <vm-name> \
--resource-group <resource-group-name> \
--name <disk-name>
```
### TODO: Microsoft.Compute/virtualMachines/WACloginAsAdmin/action
According to the [**docs**](https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute#microsoftcompute), this permission lets you manage the OS of your resource via Windows Admin Center as an administrator. So it looks like this gives access to the WAC to control the VMs...
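Review bot: The new heading and its description need cleanup before merge: the heading gives the first permission bare and the other five in double quotes and ends with a period, and the description ("manage, disks, and network interfaces, and, they enable you") appears to be missing the first object after "manage" and has stray commas. List the permissions in one style, as the other headings in these files do, and reword the sentence, for example "These permissions allow you to manage virtual machines, disks and network interfaces, and to attach a disk to a virtual machine." The first command also sets `--network-access-policy AllowAll` on the disk, which the description never mentions; say why that step comes before `az vm disk attach`, or drop it if it is not required.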