From e4b1066789a84542ccbb2baf3f8de41bd7532986 Mon Sep 17 00:00:00 2001
From: Jaime Polop <117489620+JaimePolop@users.noreply.github.com>
Date: Thu, 16 Jan 2025 12:47:24 +0100
Subject: [PATCH] Add files via upload

---
 .../az-logic-apps-privesc.md                  | 79 +++++++++++++++++++
 1 file changed, 79 insertions(+)
 create mode 100644 src/pentesting-cloud/azure-security/az-privilege-escalation/az-logic-apps-privesc.md

diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-logic-apps-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-logic-apps-privesc.md
new file mode 100644
index 000000000..dcbc7b446
--- /dev/null
+++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-logic-apps-privesc.md
@@ -0,0 +1,79 @@
+# Az - Logic Apps Privesc
+
+{% hint style="success" %}
+Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+
+<details>
+
+<summary>Support HackTricks</summary>
+
+* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
+* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
+
+</details>
+{% endhint %}
+
+## Logic Apps Privesc
+For more information about SQL Database check:
+
+{% content-ref url="../az-services/az-logic-apps.md" %}
+[az-logic-apps.md](../az-services/az-logic-apps.md)
+{% endcontent-ref %}
+
+### ("Microsoft.Resources/subscriptions/resourcegroups/read", "Microsoft.Logic/workflows/read", "Microsoft.Logic/workflows/write" && "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action") && ("Microsoft.Logic/workflows/triggers/run/action")
+
+With this permission, you can create or update, Azure Logic Apps workflows. Workflows define automated processes and integrations between various systems and services.
+
+{% code overflow="wrap" %}
+```bash
+az logic workflow create \
+  --resource-group <resource_group_name> \
+  --name <workflow_name> \
+  --definition <workflow_definition_file.json> \
+  --location <location>
+
+az logic workflow update \
+  --name my-new-workflow \
+  --resource-group logicappgroup \
+  --definition <workflow_definition_file.json>
+```
+{% endcode %}
+
+And after changing it, you can run it with:
+
+```bash
+az rest \
+  --method post \
+  --uri "https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers/{triggerName}/run?api-version=2016-10-01" \
+  --body '{}' \
+  --headers "Content-Type=application/json"
+```
+
+### ("Microsoft.Web/sites/read", "Microsoft.Web/sites/basicPublishingCredentialsPolicies/read", "Microsoft.Web/sites/write", "Microsoft.Web/sites/config/list/action") && ("Microsoft.Web/sites/start/action")
+With these permissions, you can deploy, Logic App workflows using ZIP file deployments. These permissions enable actions such as reading app details, accessing publishing credentials, writing changes, and listing app configurations. Alongside the start permissions you can update and deploy a new Logic App with the content desired
+
+{% code overflow="wrap" %}
+```bash
+az logicapp deployment source config-zip \
+  --name <logic_app_name> \
+  --resource-group <resource_group_name> \
+  --src <path_to_zip_file>
+```
+{% endcode %}
+
+{% hint style="success" %}
+Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+
+<details>
+
+<summary>Support HackTricks</summary>
+
+* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
+* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
+
+</details>
+{% endhint %}