From 61c70bfefd823b8ca0f6fa7e6181e1b791d1d127 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Tue, 18 Feb 2025 12:16:41 +0100 Subject: [PATCH] improvements --- .../aws-post-exploitation/aws-ecr-post-exploitation.md | 1 + .../az-privilege-escalation/az-servicebus-privesc.md | 9 +++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecr-post-exploitation.md b/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecr-post-exploitation.md index 04d0f8834..09f343d09 100644 --- a/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecr-post-exploitation.md +++ b/src/pentesting-cloud/aws-security/aws-post-exploitation/aws-ecr-post-exploitation.md @@ -30,6 +30,7 @@ curl -i -H "Authorization: Basic $TOKEN" https://.dkr.ecr..a # Inspect the image docker inspect sha256:079aee8a89950717cdccd15b8f17c80e9bc4421a855fcdc120e1c534e4c102e0 +docker inspect .dkr.ecr..amazonaws.com/: # Inspect the image indicating the URL # Upload (example uploading purplepanda with tag latest) docker tag purplepanda:latest .dkr.ecr..amazonaws.com/purplepanda:latest diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-servicebus-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-servicebus-privesc.md index c8ad2673c..408eecb40 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-servicebus-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-servicebus-privesc.md 
@@ -97,7 +97,7 @@ az servicebus namespace update --disable-local-auth false -n -- ``` -### Send Messages with keys (Microsoft.ServiceBus/namespaces/authorizationRules/listkeys/action OR Microsoft.ServiceBus/namespaces/authorizationRules/regenerateKeys/action) +### Send Messages with keys (Microsoft.ServiceBus/namespaces/[queues|topics]/authorizationRules/ListKeys/action OR Microsoft.ServiceBus/namespaces/[queues|topics]/authorizationRules/regenerateKeys/action) You can retrieve the `PrimaryConnectionString`, which acts as a credential for the Service Bus namespace. With this connection string, you can fully authenticate as the Service Bus namespace, enabling you to send messages to any queue or topic and potentially interact with the system in ways that could disrupt operations, impersonate valid users, or inject malicious data into the messaging workflow. This method works if `--disable-local-auth` is set to false (so local auth is enabled). @@ -105,6 +105,7 @@ You can retrieve the `PrimaryConnectionString`, which acts as a credential for t import asyncio from azure.servicebus.aio import ServiceBusClient from azure.servicebus import ServiceBusMessage +# pip install azure-servicebus NAMESPACE_CONNECTION_STR = "" TOPIC_OR_QUEUE_NAME = "" 
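Review bot: The heading changed in the `@@ -97,7` hunk now names queue- and topic-level authorization rules, but the paragraph under it still says the connection string authenticates as the whole namespace and can send to any queue or topic. A key read from an entity-level rule is limited to that queue or topic and to the rights granted on the rule, so either keep the namespace-level actions in the heading next to the new ones or add a sentence such as `Keys from a queue- or topic-level rule only work against that entity.` The "Receive with keys" heading in the `@@ -148,13` hunk has the same mismatch. Stating the scope also tells a defender which rule's keys to rotate after exposure.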
@@ -148,13 +149,14 @@ az rest --method post \ ``` -### Receive with keys (Microsoft.ServiceBus/namespaces/authorizationRules/listkeys/action OR Microsoft.ServiceBus/namespaces/authorizationRules/regenerateKeys/action) +### Receive with keys (Microsoft.ServiceBus/namespaces/[queues|topics]/authorizationRules/ListKeys/action OR Microsoft.ServiceBus/namespaces/[queues|topics]/authorizationRules/regenerateKeys/action) You can retrieve the PrimaryConnectionString, which serves as a credential for the Service Bus namespace. Using this connection string, you can receive messages from any queue or subscription within the namespace, allowing access to potentially sensitive or critical data, enabling data exfiltration, or interfering with message processing and application workflows. This method works if `--disable-local-auth` is set to false. ```python import asyncio from azure.servicebus.aio import ServiceBusClient +# pip install azure-servicebus CONN_STR = "" QUEUE = "" @@ -250,6 +252,7 @@ import asyncio from azure.identity.aio import DefaultAzureCredential from azure.servicebus.aio import ServiceBusClient from azure.servicebus import ServiceBusMessage +# pip install azure-servicebus NS = ".servicebus.windows.net" # Your namespace QUEUE_OR_TOPIC = "" # Your queue name @@ -257,6 +260,7 @@ QUEUE_OR_TOPIC = "" # Your queue name async def run(): credential = DefaultAzureCredential() async with ServiceBusClient(fully_qualified_namespace=NS, credential=credential) as client: + #async with client.get_topic_sender(topic_name=TOPIC) as sender: # Use this to send the message to a topic async with client.get_queue_sender(queue_name=QUEUE) as sender: await sender.send_messages(ServiceBusMessage("Single Message")) print("Sent a single message") 
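Review bot: The install hint added in the `@@ -250,6` hunk lists only `azure-servicebus`, but this snippet also imports `azure.identity.aio`, which ships in the separate `azure-identity` package. Its async credentials also need an async HTTP transport such as `aiohttp`. Suggest `# pip install azure-servicebus azure-identity aiohttp`, placed above the imports so it is read before them. The `@@ -274,6` hunk has the same import and the same incomplete hint.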
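Review bot: The commented-out alternative added in the `@@ -257,6` hunk uses `TOPIC`, and the unchanged line after it uses `QUEUE`, but the only constant visible for this snippet is `QUEUE_OR_TOPIC`. As shown, either variant would raise `NameError` when `run()` executes. Use the defined name in both places: `# async with client.get_topic_sender(topic_name=QUEUE_OR_TOPIC) as sender:` and `async with client.get_queue_sender(queue_name=QUEUE_OR_TOPIC) as sender:`. The snippet continues outside the hunk, so a `QUEUE` defined further down cannot be ruled out.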
@@ -274,6 +278,7 @@ You can use this permissions to receive messages, even if `--disable-local-auth` import asyncio from azure.identity.aio import DefaultAzureCredential from azure.servicebus.aio import ServiceBusClient +# pip install azure-servicebus NS = ".servicebus.windows.net" QUEUE = ""