Merge branch 'master' of github.com:HackTricks-wiki/hacktricks-cloud

Carlos Polop
2025-01-07 00:43:41 +01:00
5 changed files with 42 additions and 36 deletions


@@ -62,7 +62,7 @@ So, if you have the permissions listed over these files, there is an attack vect
Follow the description in the *Abusing Terraform State Files* section of the *Terraform Security* page for directly usable exploit code:
{{#ref}}
terraform-security.md#abusing-terraform-state-files
pentesting-ci-cd/terraform-security.md#abusing-terraform-state-files
{{#endref}}
### `s3:PutBucketPolicy`
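Review bot: the ref target `pentesting-ci-cd/terraform-security.md#abusing-terraform-state-files` (assuming the second of the two target lines is the added one) has no `../` prefix, while the include at the end of this same file reaches the banners through `../../../`, so this page sits three directories deep. Unless the `{{#ref}}` preprocessor resolves targets from the book root, the link will still not resolve from this location; please confirm it builds, or write the path relative to this file.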
@@ -194,6 +194,3 @@ aws s3api put-object-acl --bucket <bucket-name> --key flag --version-id <value>
```
{{#include ../../../banners/hacktricks-training.md}}


@@ -7,7 +7,7 @@
For more information about Azure App services check:
{{#ref}}
../az-services/az-app-service.md
../az-services/az-app-services.md
{{#endref}}
### Microsoft.Web/sites/publish/Action, Microsoft.Web/sites/basicPublishingCredentialsPolicies/read, Microsoft.Web/sites/config/read, Microsoft.Web/sites/read
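Review bot: stale references to `az-app-service.md` may remain elsewhere, since this ref and the one in the Functions page both needed the same correction to `az-app-services.md` in this commit. Search the repository for the old filename before merging so that no other `{{#ref}}` block is left pointing at a page that does not exist.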
@@ -37,11 +37,11 @@ ssh root@127.0.0.1 -p 39895
```
- **Debug the application**:
1. Install the Azure extension in VScode.
2. Login in the extension with the Azure account.
3. List all the App services inside the subscription.
4. Select the App service you want to debug, right click and select "Start Debugging".
5. If the app doesn't have debugging enabled, the extension will try to enable it but your account needs the permission `Microsoft.Web/sites/config/write` to do so.
1. Install the Azure extension in VScode.
2. Login in the extension with the Azure account.
3. List all the App services inside the subscription.
4. Select the App service you want to debug, right click and select "Start Debugging".
5. If the app doesn't have debugging enabled, the extension will try to enable it but your account needs the permission `Microsoft.Web/sites/config/write` to do so.
### Obtaining SCM Credentials & Enabling Basic Authentication
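Review bot: steps 1 and 2 of the re-indented list under **Debug the application** still read "VScode" and "Login in the extension"; since all five lines are rewritten here anyway, use "VS Code" and "Log in to the extension". Step 5 is the only place that names the extra permission `Microsoft.Web/sites/config/write`, so consider mentioning it in the lead bullet as well, where a reader checking required permissions will see it first.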
@@ -141,7 +141,6 @@ Remember that to access the SCM platform from the **web you need to access to `<
> [!WARNING]
> Note that every user can configure it's own credentials calling the previous command, but if the user doesn't have enough permissions to access the SCM or FTP, the credentials won't work.
- If you see that those credentials are **REDACTED**, it's because you **need to enable the SCM basic authentication option** and for that you need the second permission (`Microsoft.Web/sites/basicPublishingCredentialsPolicies/write`):
```bash
@@ -193,7 +192,7 @@ curl "<SCM-URL>/vfs/data/jobs/continuous/job_name/job_log.txt" \
```
- Read **Webjobs** source code:
```bash
# Using SCM username and password:
# Find all the webjobs inside:
@@ -282,7 +281,7 @@ curl -H "Authorization: Bearer <token>" \
- If the configured source is a third-party provider like Github, BitBucket or an Azure Repository, you can **update the code** of the App service by compromising the source code in the repository.
- If the app is configured using a **remote git repository** (with username and password), it's possible to get the **URL and basic auth credentials** to clone and push changes with:
- Using the permission **`Microsoft.Web/sites/sourcecontrols/read`**: `az webapp deployment source show --name <app-name> --resource-group <res-group>`
- Using the permission **`Microsoft.Web/sites/config/list/action`**:
- Using the permission **`Microsoft.Web/sites/config/list/action`**:
- `az webapp deployment list-publishing-credentials --name <app-name> --resource-group <res-group>`
- `az rest --method POST --url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/config/metadata/list?api-version=2022-03-01" --resource "https://management.azure.com"`
- If the app is configured to use a **local git repository**, it's possible to **clone the repository** and **push changes** to it:
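Review bot: the re-indented bullet for `Microsoft.Web/sites/config/list/action` is followed by two command bullets (`az webapp deployment list-publishing-credentials` and the `az rest` call) that belong to it; check that they are indented one level deeper than the permission bullet, otherwise they render as siblings of the `Microsoft.Web/sites/sourcecontrols/read` item and the permission-to-command mapping is lost. A rendered preview of this list would be worth attaching to the change.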
@@ -308,8 +307,4 @@ az webapp config container set \
--docker-custom-image-name mcr.microsoft.com/appsvc/staticsite:latest
```
{{#include ../../../banners/hacktricks-training.md}}


@@ -99,7 +99,7 @@ When creating an endpoint inside a function using a **HTTP trigger** it's possib
Just like in App Services, Functions also support basic authentication to connect to **SCM** and **FTP** to deploy code using a **username and password in a URL** provided by Azure. More information about it in:
{{#ref}}
az-app-service.md
az-app-services.md
{{#endref}}
### Github Based Deployments
@@ -264,6 +264,3 @@ az rest --url "https://management.azure.com/<subscription>/resourceGroups/<res-g
- [https://learn.microsoft.com/en-us/azure/azure-functions/functions-openapi-definition](https://learn.microsoft.com/en-us/azure/azure-functions/functions-openapi-definition)
{{#include ../../../banners/hacktricks-training.md}}