apps username

This commit is contained in:
Carlos Polop
2025-05-09 13:14:54 +02:00
parent 3886eb0679
commit 94d6bb7be6
3 changed files with 13 additions and 1 deletions

@@ -129,9 +129,15 @@ Note how the **credentials are the same** as in the previous command.
- Another option would be to **set you own creds** and use them:
```bash
# Show if any user is configured (password won't be shown)
az webapp deployment user show
# Set your own credentials
az webapp deployment user set \
--user-name hacktricks \
--password 'W34kP@ssw0rd123!'
# To delete it, check https://stackoverflow.com/questions/45275329/remove-deployment-credentials-from-azure-webapp
```
Then, you can use this credentials to **access the SCM and FTP platforms**. This is also a great way to maintain persistence.
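Review bot: the `# To delete it, check https://stackoverflow.com/...` comment at the end of the code block leaves the removal step to an external link, while the sentence right after the block describes these credentials as a way to maintain persistence. Summarise the removal procedure in the comment itself and keep the link as a reference, so a reader auditing or cleaning up an account has the step on the page. In the same region, "set you own creds" should read "set your own creds" and "this credentials" should read "these credentials". The sample `--user-name hacktricks` and `--password 'W34kP@ssw0rd123!'` values would also be clearer as `<username>` and `<password>` placeholders, matching the `<name>` and `<res-group>` style used in the enumeration commands changed by this commit.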

@@ -180,6 +180,10 @@ az webapp conection list --name <name> --resource-group <res-group>
# Get hybrid-connections of a webapp
az webapp hybrid-connections list --name <name> --resource-group <res-group>
# Get configured SMC users by your account
az webapp deployment user show
## If any user is created, the username should appear in the "publishingUserName" field
```
{{#endtab }}
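Review bot: the new comment `# Get configured SMC users by your account` misspells the acronym; the first hunk of this commit writes "SCM and FTP platforms", so this should be "SCM". The follow-up line opens with `##` while the other comments in the block use a single `#`; pick one style. The hunk header context also shows `az webapp conection list`, which looks like a misspelling of `connection` and is worth checking while this block is being edited.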

@@ -67,7 +67,9 @@ The **system assigned** one will be a managed identity that **only the function*
It's possible to use the [**PEASS scripts**](https://github.com/peass-ng/PEASS-ng) to get tokens from the default managed identity from the metadata endpoint. Or you could get them **manually** as explained in:
{% embed url="https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#azure-vm" %}
{{#ref}}
https://book.hacktricks.wiki/en/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.html#azure-vm
{{#endref}}
Note that you need to find out a way to **check all the Managed Identities a function has attached** as if you don't indicate it, the metadata endpoint will **only use the default one** (check the previous link for more info).
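Review bot: the switch from `{% embed url="..." %}` to a `{{#ref}}` block around the cloud-ssrf link is unrelated to the commit subject "apps username" and is not mentioned anywhere in the message. Either split it into its own commit or extend the message to say that the embed syntax is being replaced, so the change can be found later in history. Since the header counts (`-67,7 +67,9`) imply one line removed and three added, also confirm that the `{% embed %}` line is actually dropped and does not remain next to the new `{{#ref}}` block, which would render the same link twice.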