hacktricks-cloud/src/pentesting-cloud/azure-security/az-post-exploitation/az-logic-apps-post-exploitation.md

Az - Logic Apps Post Exploitation

{% hint style="success" %} Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Angalia mpango wa usajili!
• Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
• Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

{% endhint %}

Logic Apps Database Post Exploitation

Kwa maelezo zaidi kuhusu logic apps angalia:

{% content-ref url="../az-services/az-logic-apps.md" %} az-logic-apps.md {% endcontent-ref %}

"Microsoft.Logic/workflows/read", "Microsoft.Logic/workflows/write" && "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action"

Kwa ruhusa hizi, unaweza kubadilisha Logic App workflows na kusimamia vitambulisho vyao. Kwa haswa, unaweza kuassign au kuondoa vitambulisho vya usimamizi vilivyotolewa na mfumo na vilivyotolewa na mtumiaji kwa workflows, ambayo inaruhusu Logic App kuthibitisha na kufikia rasilimali nyingine za Azure bila akidi maalum.

{% code overflow="wrap" %}

az logic workflow identity remove/assign \
--name <workflow_name> \
--resource-group <resource_group_name> \
--system-assigned true \
--user-assigned "/subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity_name>"

{% endcode %}

"Microsoft.Web/sites/read", "Microsoft.Web/sites/write"

Kwa ruhusa hizi, unaweza kuunda au kuboresha Logic Apps zinazohifadhiwa kwenye Mpango wa Huduma ya App. Hii inajumuisha kubadilisha mipangilio kama vile kuwezesha au kuzima utekelezaji wa HTTPS.

{% code overflow="wrap" %}

az logicapp update \
--resource-group <resource_group_name> \
--name <logic_app_name> \
--set httpsOnly=false

{% endcode %}

"Microsoft.Web/sites/stop/action", "Microsoft.Web/sites/start/action" || "Microsoft.Web/sites/restart/action"

Kwa ruhusa hii, unaweza kuanzisha/kusitisha/kurestart programu ya wavuti, ikiwa ni pamoja na Logic Apps zilizohifadhiwa kwenye Mpango wa Huduma ya Programu. Kitendo hiki kinahakikisha kwamba programu iliyositishwa hapo awali inarejeshwa mtandaoni na inaendelea na kazi zake. Hii inaweza kuharibu mchakato wa kazi, kuanzisha operesheni zisizokusudiwa, au kusababisha muda wa kukatika kwa kuanzisha, kusitisha, au kurestart Logic Apps bila kutarajia.

{% code overflow="wrap" %}

az webapp start/stop/restart \
--name <logic_app_name> \
--resource-group <resource_group_name>

{% endcode %}

"Microsoft.Web/sites/config/list/action", "Microsoft.Web/sites/read" && "Microsoft.Web/sites/config/write"

Kwa ruhusa hii, unaweza kuunda au kubadilisha mipangilio ya programu za wavuti, ikiwa ni pamoja na Logic Apps zinazohifadhiwa kwenye Mpango wa Huduma ya Programu. Hii inaruhusu mabadiliko ya mipangilio ya programu, nyuzi za muunganisho, mipangilio ya uthibitishaji, na mengineyo.

{% code overflow="wrap" %}

az logicapp config appsettings set \
--name <logic_app_name> \
--resource-group <resource_group_name> \
--settings "<key>=<value>"

{% endcode %}

"Microsoft.Logic/integrationAccounts/write"

Kwa ruhusa hii, unaweza kuunda, kusasisha, au kufuta akaunti za ushirikiano za Azure Logic Apps. Hii inajumuisha kusimamia mipangilio ya kiwango cha akaunti za ushirikiano kama ramani, mifano, washirika, makubaliano, na zaidi.

{% code overflow="wrap" %}

az logic integration-account create \
--resource-group <resource_group_name> \
--name <integration_account_name> \
--location <location> \
--sku <Standard|Free> \
--state Enabled

{% endcode %}

"Microsoft.Resources/subscriptions/resourcegroups/read" && "Microsoft.Logic/integrationAccounts/batchConfigurations/write"

Kwa ruhusa hii, unaweza kuunda au kubadilisha mipangilio ya kundi ndani ya akaunti ya uunganisho ya Azure Logic Apps. Mipangilio ya kundi inaelezea jinsi Logic Apps inavyoshughulikia na kuunganisha ujumbe unaoingia kwa ajili ya usindikaji wa kundi.

{% code overflow="wrap" %}

az logic integration-account batch-configuration create \
--resource-group <resource_group_name> \
--integration-account-name <integration_account_name> \
--name <batch_configuration_name> \
--release-criteria '{
"messageCount": 100,
"batchSize": 1048576,
}'

{% endcode %}

"Microsoft.Resources/subscriptions/resourcegroups/read" && "Microsoft.Logic/integrationAccounts/maps/write"

Kwa ruhusa hii, unaweza kuunda au kubadilisha ramani ndani ya akaunti ya uunganisho ya Azure Logic Apps. Ramani zinatumika kubadilisha data kutoka muundo mmoja hadi mwingine, kuruhusu uunganisho usio na mshono kati ya mifumo na programu tofauti.

{% code overflow="wrap" %}

az logic integration-account map create \
--resource-group <resource_group_name> \
--integration-account-name <integration_account_name> \
--name <map_name> \
--map-type <Xslt|Xslt20|Xslt30> \
--content-type application/xml \
--map-content map-content.xslt

{% endcode %}

"Microsoft.Resources/subscriptions/resourcegroups/read" && "Microsoft.Logic/integrationAccounts/partners/write"

Kwa ruhusa hii, unaweza kuunda au kubadilisha washirika katika akaunti ya uunganisho ya Azure Logic Apps. Washirika wanawakilisha entiti au mifumo inayoshiriki katika michakato ya biashara kwa biashara (B2B).

{% code overflow="wrap" %}

az logic integration-account partner create \
--resource-group <resource_group_name> \
--integration-account-name <integration_account_name> \
--name <partner_name> \
--partner-type <partner-type> \
--content '{
"b2b": {
"businessIdentities": [
{
"qualifier": "ZZ",
"value": "TradingPartner1"
}
]
}
}'

{% endcode %}

"Microsoft.Resources/subscriptions/resourcegroups/read" && "Microsoft.Logic/integrationAccounts/sessions/write"

Kwa ruhusa hii, unaweza kuunda au kubadilisha vikao ndani ya akaunti ya uunganisho ya Azure Logic Apps. Vikao vinatumika katika mchakato wa B2B kuunganisha ujumbe na kufuatilia shughuli zinazohusiana kwa kipindi kilichofafanuliwa.

{% code overflow="wrap" %}

az logic integration-account session create \
--resource-group <resource_group_name> \
--integration-account-name <integration_account_name> \
--name <session_name> \
--content '{
"properties": {
"sessionId": "session123",
"data": {
"key1": "value1",
"key2": "value2"
}
}
}'

{% endcode %}

"*/delete"

Kwa ruhusa hizi unaweza kufuta rasilimali zinazohusiana na Azure Logic Apps

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}