clarification

Carlos Polop
2025-05-09 14:41:08 +02:00
parent 94d6bb7be6
commit 64e6b18369

@@ -87,6 +87,9 @@ The attack involves several steps targeting a generic company. Here's how it mig
<figure><img src="../../../images/image (3).png" alt=""><figcaption></figcaption></figure>
>[!WARNING]
> It's also possibel to request permissions to other APIs that are not Graph API, like `Azure Service Management API`, `Azure Vault`, `Azure Storage`, etc. For example, the scope `https://management.azure.com/user_impersonation` will allow the application to access the Azure Management API on behalf of the user.
4. **Execute the web page (**[**azure_oauth_phishing_example**](https://github.com/carlospolop/azure_oauth_phishing_example)**)** that asks for the permissions:
```bash
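Review bot: In the `[!WARNING]` callout, "possibel" should be "possible", and "Azure Vault" should read "Azure Key Vault", which is the service's name. As shown here, the callout also sits directly between the `<figure>` line and step `4.` with no blank lines around it; add a blank line before `>[!WARNING]` and another after the quoted sentence so the admonition renders as its own block and the numbered list continues cleanly. Since the text already gives `https://management.azure.com/user_impersonation` as an example, consider adding one sentence saying that consent grants for non-Graph resources deserve the same review as Graph scopes, so the warning is useful to readers auditing their tenant.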