From 92b3c384c89fd2ce730b870292ca051211ed5f16 Mon Sep 17 00:00:00 2001 From: Congon4tor Date: Wed, 12 Feb 2025 14:47:59 +0100 Subject: [PATCH] Fix links and update search index url --- .../az-services/az-automation-accounts.md | 11 +++------ .../az-services/az-container-instances.md | 24 +++++++++---------- .../az-services/az-container-registry.md | 13 ++++------ theme/ht_searcher.js | 4 ++-- 4 files changed, 21 insertions(+), 31 deletions(-) diff --git a/src/pentesting-cloud/azure-security/az-services/az-automation-accounts.md b/src/pentesting-cloud/azure-security/az-services/az-automation-accounts.md index bac2a6447..fc45d6776 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-automation-accounts.md +++ b/src/pentesting-cloud/azure-security/az-services/az-automation-accounts.md @@ -1,6 +1,6 @@ # Az - Automation Accounts -{{#include ../../../../banners/hacktricks-training.md}} +{{#include ../../../banners/hacktricks-training.md}} ## Basic Information @@ -59,7 +59,6 @@ When creating a Runbook it's possible to select the runtime environment. By defa However, it's also possible to **create your own environments**, using one of these as a base. In the case of python, it's possible to upload `.whl` packages to the environment that will be used. In the case of PowerShell, it's possible to upload `.zip` packages with the modules to have in the runtime. - ### Hybrid Worker Groups In Azure Automation, the default execution environment for runbooks is the **Azure Sandbox**, a cloud-based platform managed by Azure, suitable for tasks involving Azure resources. However, this sandbox has limitations, such as restricted access to on-premises resources and constraints on execution time and resource usage. To overcome these limitations, Hybrid Worker Groups are employed. A Hybrid Worker Group consists of **one or more Hybrid Runbook Workers installed on your own machines**, whether on-premises, in other cloud environments or Azure VMs. This setup allows runbooks to execute directly on these machines, providing direct access to local resources, the ability to run longer and more resource-intensive tasks, and the flexibility to interact with environments beyond Azure's immediate reach. @@ -78,14 +77,13 @@ Moreover, if the hybrid worker is running in Azure with other Managed Identities ### State Configuration (SC) ->[!WARNING] +> [!WARNING] > As indicated in [the docs](https://learn.microsoft.com/en-us/azure/automation/automation-dsc-overview), Azure Automation State Configuration will be retired on September 30, 2027 and replaced by [Azure Machine Configuration](https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview). Automation Accounts also support **State Configuration (SC)**, which is a feature that helps **configure** and **maintain** the **state** of your VMs. It's possible to **create** and **apply** DSC configurations to **Windows** and **Linux** machines. From an attackers perspective this was interesting because it allowed to **execute arbitrary PS code in all the configured VMs** allowing to escalate privileges to the managed identities of these VMs, potentially pivoting to new networks... Also, the configurations could contain **sensitive info**. - ## Enumeration ```bash @@ -242,7 +240,4 @@ Get-AzAutomationHybridWorkerGroup -AutomationAccountName -R - [https://learn.microsoft.com/en-us/azure/automation/automation-dsc-overview](https://learn.microsoft.com/en-us/azure/automation/automation-dsc-overview) - [https://github.com/rootsecdev/Azure-Red-Team#runbook-automation](https://github.com/rootsecdev/Azure-Red-Team#runbook-automation) -{{#include ../../../../banners/hacktricks-training.md}} - - - +{{#include ../../../banners/hacktricks-training.md}} diff --git a/src/pentesting-cloud/azure-security/az-services/az-container-instances.md b/src/pentesting-cloud/azure-security/az-services/az-container-instances.md index 627ebcbf6..212feac3c 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-container-instances.md +++ b/src/pentesting-cloud/azure-security/az-services/az-container-instances.md @@ -1,28 +1,26 @@ # Az - Container Instances -{{#include ../../../../banners/hacktricks-training.md}} +{{#include ../../../banners/hacktricks-training.md}} ## Basic Information -Azure Container Instances (ACI) provide a **serverless, on-demand way** to run **containers** in the Azure cloud. You can **deploy** single or multiple containers in a group with **scalable compute**, **networking options**, and the flexibility to connect to **other Azure services** (like Storage, Virtual Networks, or Container Registries). +Azure Container Instances (ACI) provide a **serverless, on-demand way** to run **containers** in the Azure cloud. You can **deploy** single or multiple containers in a group with **scalable compute**, **networking options**, and the flexibility to connect to **other Azure services** (like Storage, Virtual Networks, or Container Registries). As they are **ephemeral** workloads, you don't need to manage the underlying VM infrastructure — Azure handles that for you. However, from an **offensive security perspective**, it's crucial to understand how **permissions**, **identities**, **network configurations**, and **logs** can reveal attack surfaces and potential misconfigurations. - ### Configurations - In order to create a container it's possible to use a public image, a container image from an Azure Container Registry or an external repository, which might **require to configure a password** to access it. - Regarding networking it can also have a **public IP** or be **private endpoints**. - It's also possible to configure common docker settings like: - - **Environment variables** - - **Volumes** (even from Azure Files) - - **Ports** - - **CPU and memory limits** - - **Restart policy** - - **Run as privileged** - - **Command line to run** - - ... - + - **Environment variables** + - **Volumes** (even from Azure Files) + - **Ports** + - **CPU and memory limits** + - **Restart policy** + - **Run as privileged** + - **Command line to run** + - ... ## Enumeration @@ -44,4 +42,4 @@ az container exec --name --resource-group --exec-co # Get yaml configuration of the container group az container export --name --resource-group -``` \ No newline at end of file +``` diff --git a/src/pentesting-cloud/azure-security/az-services/az-container-registry.md b/src/pentesting-cloud/azure-security/az-services/az-container-registry.md index 044cfea3c..3f3240ff5 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-container-registry.md +++ b/src/pentesting-cloud/azure-security/az-services/az-container-registry.md @@ -1,6 +1,6 @@ # Az - Container Registry -{{#include ../../../../banners/hacktricks-training.md}} +{{#include ../../../banners/hacktricks-training.md}} ## Basic Information @@ -20,7 +20,7 @@ These are the **different permissions** [according to the docs](https://learn.mi There are also some **built-in roles** that can be assigned, and it's also possible to create **custom roles**. -![]() +![](/images/registry_roles.png) ### Authentication @@ -61,7 +61,7 @@ Only the **Premium SKU** supports **private endpoints**. The other ones only sup ### Microsoft Defender for Cloud -This allows you to **scan the images** in the registry for **vulnerabilities**. +This allows you to **scan the images** in the registry for **vulnerabilities**. ### Soft-delete @@ -69,7 +69,7 @@ The **soft-delete** feature allows you to **recover a deleted registry** within ### Webhooks -It's possible to **create webhooks** inside registries. In this webhook it's needed to specify the URL where a **request will be sent whenever a push or delete action is performed**. Moreover, Webhooks can indicate a scope to indicate the repositories (images) that will be affected. For example, 'foo:*' means events under repository 'foo'. +It's possible to **create webhooks** inside registries. In this webhook it's needed to specify the URL where a **request will be sent whenever a push or delete action is performed**. Moreover, Webhooks can indicate a scope to indicate the repositories (images) that will be affected. For example, 'foo:\*' means events under repository 'foo'. From an attackers perspective it's interesting to check this **before performing any action** in the registry, and remove it terporarely if needed, to avoid being detected. @@ -160,7 +160,4 @@ az acr cache show --name --registry - [https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli) - [https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli#access-resource-manager](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-roles?tabs=azure-cli#access-resource-manager) -{{#include ../../../../banners/hacktricks-training.md}} - - - +{{#include ../../../banners/hacktricks-training.md}} diff --git a/theme/ht_searcher.js b/theme/ht_searcher.js index 1cee01a8c..276bbfe6a 100644 --- a/theme/ht_searcher.js +++ b/theme/ht_searcher.js @@ -471,12 +471,12 @@ window.search = window.search || {}; showResults(true); } - fetch(path_to_root + 'searchindex.json') + fetch('https://raw.githubusercontent.com/HackTricks-wiki/hacktricks-cloud/refs/heads/master/searchindex.json') .then(response => response.json()) .then(json => init(json)) .catch(error => { // Try to load searchindex.js if fetch failed var script = document.createElement('script'); - script.src = path_to_root + 'searchindex.js'; + script.src = 'https://raw.githubusercontent.com/HackTricks-wiki/hacktricks-cloud/refs/heads/master/searchindex.js'; script.onload = () => init(window.search); document.head.appendChild(script); });