Translated ['src/pentesting-cloud/azure-security/az-privilege-escalation

src/pentesting-cloud/azure-security/az-privilege-escalation/az-app-services-privesc.md

@@ -19,7 +19,7 @@ Ruhusa hizi zinaruhusu kupata **SSH shell** ndani ya programu ya wavuti. Pia zin
 # Direct option
 az webapp ssh --name <name> --resource-group <res-group>
 ```
-- **Unda tunnel kisha ungana na SSH**:
+- **Unda tunnel kisha unganisha na SSH**:
 ```bash
 az webapp create-remote-connection --name <name> --resource-group <res-group>
 
@@ -41,7 +41,7 @@ ssh root@127.0.0.1 -p 39895
 
 ### Obtaining SCM Credentials & Enabling Basic Authentication
 
-Ili kupata SCM credentials, unaweza kutumia **commands and permissions** zifuatazo:
+Ili kupata akreditivu za SCM, unaweza kutumia **commands and permissions** zifuatazo:
 
 - The permission **`Microsoft.Web/sites/publishxml/action`** allows to call:
 ```bash
@@ -116,9 +116,9 @@ az webapp deployment list-publishing-credentials --name <app-name> --resource-gr
 "type": "Microsoft.Web/sites/publishingcredentials"
 }
 ```
-Kumbuka jinsi **akihifadhi ni sawa** na katika amri ya awali.
+Kumbuka jinsi **akihesabu ni sawa** na amri ya awali.
 
-- Chaguo lingine lingekuwa **kweka akihifadhi zako** na kuzitumia:
+- Chaguo lingine lingekuwa **kweka akihesabu zako** na kuzitumia:
 ```bash
 az webapp deployment user set \
 --user-name hacktricks \
@@ -153,7 +153,7 @@ az rest --method PUT \
 ```
 ### Publish code using SCM credentials
 
-Kuwa na SCM credentials halali inaruhusu **kuchapisha msimbo** kwenye huduma ya App. Hii inaweza kufanywa kwa kutumia amri ifuatayo.
+Kuwa na akreditivu halali za SCM inaruhusu **kuchapisha msimbo** kwenye huduma ya App. Hii inaweza kufanywa kwa kutumia amri ifuatayo.
 
 Kwa mfano huu wa python unaweza kupakua repo kutoka https://github.com/Azure-Samples/msdocs-python-flask-webapp-quickstart, fanya **mabadiliko** yoyote unayotaka na kisha **zip kwa kukimbia: `zip -r app.zip .`**.
 
@@ -186,7 +186,7 @@ curl "<SCM-URL>/wwwroot/App_Data/jobs/" \
 curl "https://nodewebapp-agamcvhgg3gkd3hs.scm.canadacentral-01.azurewebsites.net/wwwroot/App_Data/jobs/continuous/job_name/rev.js" \
 --user '<username>:<password>'
 ```
-- Unda **continuous Webjob**:
+- Unda **Webjob isiyokatizwa**:
 ```bash
 # Using Azure permissions
 az rest \
@@ -205,7 +205,7 @@ curl -X PUT \
 ```
 ### Microsoft.Web/sites/write, Microsoft.Web/sites/read, Microsoft.ManagedIdentity/userAssignedIdentities/assign/action
 
-Hizi ruhusa zinaruhusu **kuteua utambulisho ulioendeshwa** kwa huduma ya App, hivyo ikiwa huduma ya App ilikuwa imevunjwa hapo awali hii itaruhusu mshambuliaji kuteua utambulisho mpya ulioendeshwa kwa huduma ya App na **kuinua mamlaka** kwao.
+Hizi ruhusa zinaruhusu **kuteua utambulisho uliopewa usimamizi** kwa huduma ya App, hivyo ikiwa huduma ya App ilishambuliwa hapo awali hii itamruhusu mshambuliaji kuteua utambulisho mpya uliopewa usimamizi kwa huduma ya App na **kuinua mamlaka** kwao.
 ```bash
 az webapp identity assign --name <app-name> --resource-group <res-group> --identities /subscriptions/<subcripttion-id>/resourceGroups/<res_group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<managed-identity-name>
 ```
@@ -250,14 +250,14 @@ https://graph.microsoft.com/v1.0/me/drive/root/children
 ```
 ### Update App Code from the source
 
-- Ikiwa chanzo kilichowekwa ni mtoa huduma wa tatu kama Github, BitBucket au Azure Repository, unaweza **kusaidia kuboresha msimbo** wa huduma ya App kwa kuingilia msimbo wa chanzo katika hifadhi.
+- Ikiwa chanzo kilichowekwa ni mtoa huduma wa tatu kama Github, BitBucket au Azure Repository, unaweza **kusaidia kuboresha** msimbo wa huduma ya App kwa kuingilia msimbo wa chanzo katika hifadhi.
 - Ikiwa programu imewekwa kutumia **hifadhi ya git ya mbali** (ikiwa na jina la mtumiaji na nenosiri), inawezekana kupata **URL na akreditif za msingi za uthibitishaji** ili kunakili na kusukuma mabadiliko kwa:
 - Kutumia ruhusa **`Microsoft.Web/sites/sourcecontrols/read`**: `az webapp deployment source show --name <app-name> --resource-group <res-group>`
 - Kutumia ruhusa **`Microsoft.Web/sites/config/list/action`**:
 - `az webapp deployment list-publishing-credentials --name <app-name> --resource-group <res-group>`
 - `az rest --method POST --url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/config/metadata/list?api-version=2022-03-01" --resource "https://management.azure.com"`
-- Ikiwa programu imewekwa kutumia **hifadhi ya git ya ndani**, inawezekana **kunakili hifadhi** na **kusukuma mabadiliko** ndani yake:
-- Kutumia ruhusa **`Microsoft.Web/sites/sourcecontrols/read`**: Unaweza kupata URL ya hifadhi ya git kwa `az webapp deployment source show --name <app-name> --resource-group <res-group>`, lakini itakuwa sawa na URL ya SCM ya programu yenye njia `/<app-name>.git` (kwa mfano `https://pythonwebapp-audeh9f5fzeyhhed.scm.canadacentral-01.azurewebsites.net:443/pythonwebapp.git`).
+- Ikiwa programu imewekwa kutumia **hifadhi ya git ya ndani**, inawezekana **kunakili hifadhi** na **kusukuma mabadiliko** kwake:
+- Kutumia ruhusa **`Microsoft.Web/sites/sourcecontrols/read`**: Unaweza kupata URL ya hifadhi ya git kwa `az webapp deployment source show --name <app-name> --resource-group <res-group>`, lakini itakuwa sawa na URL ya SCM ya programu yenye njia `/<app-name>.git` (kwa mfano, `https://pythonwebapp-audeh9f5fzeyhhed.scm.canadacentral-01.azurewebsites.net:443/pythonwebapp.git`).
 - Ili kupata akreditif za SCM unahitaji ruhusa:
 - **`Microsoft.Web/sites/publishxml/action`**: Kisha endesha `az webapp deployment list-publishing-profiles --resource-group <res-group> -n <name>`.
 - **`Microsoft.Web/sites/config/list/action`**: Kisha endesha `az webapp deployment list-publishing-credentials --name <name> --resource-group <res-group>`