update container services az

This commit is contained in:
Carlos Polop
2025-02-15 16:23:48 +01:00
parent e6644e6caa
commit 6e477bc296
4 changed files with 116 additions and 49 deletions

View File

@@ -7,7 +7,7 @@
Fore more information check:
{{#ref}}
../az-services/az-container-instances.md
../az-services/az-container-instances-apps-jobs.md
{{#endref}}
### `Microsoft.ContainerInstance/containerGroups/read`, `Microsoft.ContainerInstance/containerGroups/containers/exec/action`
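Review bot: the reference now points at `az-container-instances-apps-jobs.md`, a page that covers Container Apps and Container App Jobs as well as ACI, but the only permission heading visible in this hunk is for `Microsoft.ContainerInstance/containerGroups/...`; check that this privesc page also has sections for the Container Apps provider (`Microsoft.App`) so the new ref is not one-directional. While touching the hunk, the context line "Fore more information check:" should read "For more information check:".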
@@ -59,7 +59,7 @@ These permission allows to **create or update a container group** with a **user
```bash
az container create \
--resource-group <res-group>> \
--resource-group <res-group> \
--name nginx2 \
--image mcr.microsoft.com/oss/nginx/nginx:1.9.15-alpine \
--assign-identity "/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<user-namaged-identity-name>" \
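Review bot: the duplicated `>` in `--resource-group <res-group>>` is fixed, but the trailing context line still carries a typo in the placeholder of `--assign-identity`: `<user-namaged-identity-name>` should be `<user-managed-identity-name>`. The hunk header text "These permission allows to **create or update a container group**" also needs agreement: "These permissions allow creating or updating a container group".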

View File

@@ -0,0 +1,112 @@
# Az - Container Instances
{{#include ../../../banners/hacktricks-training.md}}
## Basic Information
**Azure Container Instances (ACI)** is a serverless container service that lets you run individual containers quickly without managing any underlying infrastructure. **Azure Container Apps (ACA)** extends this by offering a fully managed environment for running microservices and web apps with features like event-driven autoscaling, built-in Dapr integration, and support for complex orchestration scenarios. **Container App Jobs** are a specialized feature within ACA designed for running short-lived, batch, or scheduled tasks that execute for a finite period and then exit.
Differences:
- ACI is ideal for **simple**, standalone container workloads where minimal orchestration is needed.
- ACA is best suited for building scalable, interconnected microservices with advanced features like autoscaling and service discovery.
- Container App Jobs focus on **one-off or scheduled tasks**, providing a streamlined way to run background or batch jobs within the ACA environment.
### Configurations
Special options for ACI:
- Regarding networking it can also have a **public IP** or be **private endpoints**.
Special options for ACA:
- It's possible to **restrict the trafic** to the container to the container app environment or leave it public.
- Its possible to use an **external identity provider** (Microsoft, Facebook, Google, and Twitter) for authentication
- It's possible to **store App secrets** (in clear text the app or as links to a vault assigning a MI with access over it)
- Its possible to have **revisions and replicas of the app**
Special options for jobs:
- The trigger type can be **manual, scheduled or event-based** (like a message arriving in a queue).
Common options:
- In order to create a container it's possible to use a public image, a container image from an Azure Container Registry or an external repository, which might **require to configure a password** to access it.
- This means that the configuration of the container might contain sensitive information.
- It's also possible to configure common docker settings like:
- **Environment variables** (check for sensitive information)
- **Volumes** (even from Azure Files)
- **Ports** to expose
- **CPU and memory limits**
- **Restart policy**
- **Run as privileged**
- Overwrite containers **command line to run and arguments** (can be modified in existing containers also)
- ...
## Enumeration
> [!WARNING]
> When enumerating, you could reveal sensitive configurations such as **environment variables**, **network details**, or **managed identities**.
```bash
# ACI
## List all container instances in the subscription
az container list
## Show detailed information about a specific container instance
az container show --name <container-name> --resource-group <res-group>
## Fetch logs from a container
az container logs --name <container-name> --resource-group <res-group>
## Execute a command in a running container and get the output
az container exec --name <container-name> --resource-group <res-group> --exec-command "ls"
## Get yaml configuration of the container group
az container export --name <container-name> --resource-group <res-group>
# ACA
## List all container apps in the subscription
az containerapp list
## Show detailed information about a specific container app
az containerapp show --name <app-name> --resource-group <res-group>
## Fetch logs from a container app
az containerapp logs show --name <app-name> --resource-group <res-group>
## Get configured secrets
az containerapp secret list --name <app-name> --resource-group <res-group>
### Get value
az containerapp secret show --name <app-name> --resource-group <res-group> --secret-name <secret-name>
## Get authentication options
az containerapp auth show --name <app-name> --resource-group <res-group>
## Get a shell
az containerapp exec --name <app-name> --resource-group <res-group> --command "sh"
## Get debugging shell
az containerapp debug --name <app-name> --resource-group <res-group>
# Jobs
## List all container apps jobs in a resource group
az containerapp job list --resource-group <res-group>
## Show detailed information about a specific container app job
az containerapp job show --name <job-name> --resource-group <res-group>
## Fetch logs from a container app job
az containerapp job logs show --name <job-name> --resource-group <res-group>
## Fetch executions from a container app job
az containerapp job execution list --name <job-name> --resource-group <res-group>
az containerapp job execution show --name <job-name> --resource-group <res-group> --job-execution-name <job-execution>
## Start a job execution (for manual jobs)
az containerapp job start --name <job-name> --resource-group <res-group>
```
## Privilege Escalation & Post Exploitation
{{#ref}}
../az-privilege-escalation/az-container-instances-apps-jobs-privesc.md
{{#endref}}
{{#include ../../../banners/hacktricks-training.md}}
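Review bot: the title `# Az - Container Instances` no longer matches the file, which now covers ACI, Container Apps and Container App Jobs and is referenced as `az-container-instances-apps-jobs.md`; suggest `# Az - Container Instances, Apps & Jobs`. In the Configurations list: "trafic" should be "traffic", "Its possible" should be "It's possible" (twice), "or be **private endpoints**" should be "or use **private endpoints**", and the secrets bullet reads unclearly; suggest "It's possible to **store App secrets** (in clear text in the app, or as references to a Key Vault secret readable by a managed identity assigned to the app)". In the Enumeration block, the comment "### Get value" under "## Get configured secrets" would be clearer as "## Get the value of a secret", since `az containerapp secret show` prints the secret in clear text; for that reason the warning should keep the sentence "Be cautious with logging or displaying them" that the replaced page had.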

View File

@@ -1,45 +0,0 @@
# Az - Container Instances
{{#include ../../../banners/hacktricks-training.md}}
## Basic Information
Azure Container Instances (ACI) provide a **serverless, on-demand way** to run **containers** in the Azure cloud. You can **deploy** single or multiple containers in a group with **scalable compute**, **networking options**, and the flexibility to connect to **other Azure services** (like Storage, Virtual Networks, or Container Registries).
As they are **ephemeral** workloads, you don't need to manage the underlying VM infrastructure — Azure handles that for you. However, from an **offensive security perspective**, it's crucial to understand how **permissions**, **identities**, **network configurations**, and **logs** can reveal attack surfaces and potential misconfigurations.
### Configurations
- In order to create a container it's possible to use a public image, a container image from an Azure Container Registry or an external repository, which might **require to configure a password** to access it.
- Regarding networking it can also have a **public IP** or be **private endpoints**.
- It's also possible to configure common docker settings like:
- **Environment variables**
- **Volumes** (even from Azure Files)
- **Ports**
- **CPU and memory limits**
- **Restart policy**
- **Run as privileged**
- **Command line to run**
- ...
## Enumeration
> [!WARNING]
> When enumerating ACI, you can reveal sensitive configurations such as **environment variables**, **network details**, or **managed identities**. Be cautious with logging or displaying them.
```bash
# List all container instances in the subscription
az container list
# Show detailed information about a specific container instance
az container show --name <container-name> --resource-group <res-group>
# Fetch logs from a container
az container logs --name <container-name> --resource-group <res-group>
# Execute a command in a running container and get the output
az container exec --name <container-name> --resource-group <res-group> --exec-command "ls"
# Get yaml configuration of the container group
az container export --name <container-name> --resource-group <res-group>
```
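Review bot: deleting this page breaks any other page that still links `../az-services/az-container-instances.md`; only one reference update (in the privesc page) is visible in this commit, so grep the repository for the old path before merging and point any remaining refs at `az-container-instances-apps-jobs.md`.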