app services

src/pentesting-cloud/azure-security/az-services/az-app-services.md

@@ -159,6 +159,9 @@ az webapp config storage-account list --name <name> --resource-group <res-group>
 # Get configured container (if any) in the webapp, it could contain credentials
 az webapp config container show --name <name> --resource-group <res-group>
 
+# Get git URL to access the code
+az webapp deployment source config-local-git --resource-group <res-group> -n <name>
+
 # Get Webjobs
 az webapp webjob continuous list --resource-group <res-group> --name <app-name>
 az webapp webjob triggered list --resource-group <res-group> --name <app-name>
@@ -225,25 +228,6 @@ done
 {{#endtab }}
 {{#endtabs }}
 
-#### Obtain credentials & get access to the webapp code
-
-```bash
-# Get connection strings that could contain credentials (with DBs for example)
-az webapp config connection-string list --name <name> --resource-group <res-group>
-## Check how to use the DBs connection strings in the SQL page
-
-# Get credentials to access the code and DB credentials if configured.
-az webapp deployment list-publishing-profiles --resource-group <res-group> -n <name>
-
-
-# Get git URL to access the code
-az webapp deployment source config-local-git --resource-group <res-group> -n <name>
-
-# Access/Modify the code via git
-git clone 'https://<username>:<password>@name.scm.azurewebsites.net/repo-name.git'
-## In my case the username was: $nameofthewebapp and the password some random chars
-## If you change the code and do a push, the app is automatically redeployed
-```
 
 {{#ref}}
 ../az-privilege-escalation/az-app-services-privesc.md