impr

src/pentesting-cloud/azure-security/az-privilege-escalation/az-cosmosDB-privesc.md

@@ -11,7 +11,7 @@ For more information about SQL Database check:
 
 ### (`Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write`, `Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/read`) & (`Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write`, `Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/read`)
 
-With this permissions you can priviledge scalate giving a user the pemrissions to execute queries and connect to the database. First a definition role is created giving the necesary permissions and scopes.
+With this permissions you can priviledgeescalate giving a user the pemrissions to execute queries and connect to the database. First a definition role is created giving the necesary permissions and scopes.
 
 ```bash
 az cosmosdb sql role definition create \
@@ -48,6 +48,7 @@ az cosmosdb sql role assignment create \
 ```
 
 ### `Microsoft.DocumentDB/databaseAccounts/listKeys/action`
+
 With this permission, you can retrieve the primary and secondary keys for an Azure Cosmos DB account. These keys provide full access to the database account and its resources, enabling actions such as data reads, writes, and configuration changes.
 
 ```bash
@@ -57,5 +58,42 @@ az cosmosdb keys list \
 
 ```
 
+### `Microsoft.DocumentDB/mongoClusters/read` , `Microsoft.DocumentDB/mongoClusters/write`
+
+With this permission, you can create, update, or delete MongoDB clusters on Azure Cosmos DB. This includes provisioning new clusters, modifying existing cluster configurations, decommissioning clusters, or **changing the admin user's password**.
+
+```bash
+az cosmosdb mongocluster update \
+  --cluster-name <cluster-name> \
+  --resource-group <res-group> \
+  --administrator-login "<username>" \
+  --administrator-login-password "<password>" 
+```
+
+### `Microsoft.DocumentDB/mongoClusters/read` , `Microsoft.DocumentDB/mongoClusters/firewallRules/write`
+
+With this permission, you can create or modify firewall rules for a MongoDB cluster on Azure Cosmos DB. This allows control over which IP addresses or ranges can access the cluster. Unauthorized or improper use of this permission could expose the cluster to unwanted or malicious access.
+
+```bash
+# Create Rule
+az cosmosdb mongocluster firewall-rule create \
+  --cluster-name <cluster-name> \
+  --resource-group <res-group> \
+  --rule-name <rule-name> \
+  --start-ip-address <start_ip> \
+  --end-ip-address <end_ip>
+```
+
+Note that by the time of the writing, MongoDB vCore doesn't support to create users internally, which would be great for persistence purposes:
+
+```bash
+mongos] test> db.createUser({
+  user: "adminUser",
+  pwd: "securePassword",
+  roles: [ { role: "root", db: "admin" } ]
+})
+MongoServerError[CommandNotSupported]: CreateUser command is not supported
+```
+
 
 {{#include ../../../banners/hacktricks-training.md}}

src/pentesting-cloud/azure-security/az-services/az-cosmosDB.md

@@ -69,6 +69,22 @@ az cosmosdb sql trigger list --account-name <AccountName> --container-name <Cont
 ## List the NoSQL user defined functions under an Azure Cosmos DB NoSQL container
 az cosmosdb sql user-defined-function list --account-name <AccountName> --container-name <ContainerName> --database-name <DatabaseName> --resource-group <ResourceGroupName>
 
+
+## MongoDB (vCore)
+# Install az cli extension
+az extension add --name cosmosdb-preview
+# List all MongoDB databases in a specified Azure Cosmos DB account
+az cosmosdb mongocluster list
+az cosmosdb mongocluster show --cluster-name <name> --resource-group <ResourceGroupName>
+# Get firewall rules
+az cosmosdb mongocluster firewall rule list --cluster-name <name> --resource-group <ResourceGroupName>
+# Connect to in
+brew install mongosh
+mongosh "mongodb://<username>:<password>@<account-name>.mongo.cosmos.azure.com:10255/?ssl=true&replicaSet=globaldb&retryWrites=false" --username <username> --password <password>
+```
+{{#endtab }}
+
+{{#tab name="Az Powershell" }}
 ```
 {{#endtab }}