gitea-mirror/hacktricks-cloud

Fork 0

mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-02 07:50:00 -08:00

Files

Translator 633d280c94 Translated ['src/pentesting-cloud/azure-security/az-persistence/az-cloud

2025-02-09 14:58:51 +00:00

14 KiB

Raw Blame History

Az - Logic Apps

Basic Information

Azure Logic Apps ni huduma ya msingi ya wingu inayotolewa na Microsoft Azure ambayo inawawezesha waendelezaji kuunda na kuendesha workflows zinazounganisha huduma mbalimbali, vyanzo vya data, na programu. Workflows hizi zimeundwa ili kuandaa michakato ya biashara, kuandaa kazi, na kufanya uunganisho wa data kati ya majukwaa tofauti.

Logic Apps inatoa mbunifu wa kuona kuunda workflows na aina mbalimbali za viunganishi vilivyotengenezwa awali, ambayo inafanya iwe rahisi kuungana na kuingiliana na huduma mbalimbali, kama vile Office 365, Dynamics CRM, Salesforce, na nyingine nyingi. Unaweza pia kuunda viunganishi vya kawaida kwa mahitaji yako maalum.

Examples

Automating Data Pipelines: Logic Apps inaweza kuandaa mchakato wa uhamishaji na mabadiliko ya data kwa kushirikiana na Azure Data Factory. Hii ni muhimu kwa kuunda mipango ya data inayoweza kupanuka na kuaminika ambayo inahamisha na kubadilisha data kati ya hifadhi mbalimbali za data, kama vile Azure SQL Database na Azure Blob Storage, kusaidia katika uchambuzi na operesheni za akili ya biashara.
Integrating with Azure Functions: Logic Apps inaweza kufanya kazi pamoja na Azure Functions kuendeleza programu za kisasa zinazoendeshwa na matukio ambazo zinaweza kupanuka kadri inavyohitajika na kuunganishwa kwa urahisi na huduma nyingine za Azure. Mfano wa matumizi ni kutumia Logic App kuanzisha Azure Function kama jibu kwa matukio fulani, kama vile mabadiliko katika akaunti ya Azure Storage, kuruhusu usindikaji wa data wa kidinamik.

Visualize a LogicAPP

Ni rahisi kuona LogicApp kwa picha:

au kuangalia msimbo katika sehemu ya "Logic app code view".

SSRF Protection

Hata kama utapata Logic App ikiwa na udhaifu wa SSRF, huwezi kupata akreditivu kutoka kwa metadata kwani Logic Apps haiwezeshi hilo.

Kwa mfano, kitu kama hiki hakitatoa token:

# The URL belongs to a Logic App vulenrable to SSRF
curl -XPOST 'https://prod-44.westus.logic.azure.com:443/workflows/2d8de4be6e974123adf0b98159966644/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=_8_oqqsCXc0u2c7hNjtSZmT0uM4Xi3hktw6Uze0O34s' -d '{"url": "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"}' -H "Content-type: application/json" -v

Hosting options

Kuna chaguzi kadhaa za mwenyeji:

Consumption

Multi-tenant: inatoa rasilimali za kompyuta za pamoja, inafanya kazi katika wingu la umma, na inafuata mfano wa bei kulingana na operesheni. Hii ni bora kwa kazi nyepesi na za gharama nafuu.

Standard

Workflow Service Plan: rasilimali za kompyuta zilizotengwa na uunganisho wa VNET kwa ajili ya mtandao na malipo kwa kila mfano wa mpango wa huduma za kazi. Inafaa kwa kazi zinazohitaji udhibiti zaidi.
App Service Environment V3 rasilimali za kompyuta zilizotengwa zikiwa na kutengwa kamili na uwezo wa kupanuka. Pia inajumuisha VNET kwa ajili ya mtandao na inatumia mfano wa bei kulingana na mifano ya App Service ndani ya mazingira. Hii ni bora kwa programu za kiwango cha biashara zinazohitaji kutengwa kubwa.
Hybrid iliyoundwa kwa ajili ya usindikaji wa ndani na msaada wa wingu nyingi. Inaruhusu rasilimali za kompyuta zinazodhibitiwa na mteja zikiwa na ufikiaji wa mtandao wa ndani na inatumia Kubernetes Event-Driven Autoscaling (KEDA).

Enumeration

{% tabs %} {% tab title="az cli" %} {% code overflow="wrap" %}

# List
az logic workflow list --resource-group <ResourceGroupName>
# Get info
az logic workflow show --name <LogicAppName> --resource-group <ResourceGroupName>

# Get details of a specific Logic App workflow, including its connections and parameters
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}?api-version=2016-10-01&$expand=connections.json,parameters.json" \
--headers "Content-Type=application/json"

# Get details about triggers for a specific Logic App
az rest --method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers?api-version=2016-06-01"

# Get the callback URL for a specific trigger in a Logic App
az rest --method POST \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers/{triggerName}/listCallbackUrl?api-version=2016-06-01"

# Get the history of a specific trigger in a Logic App
az rest --method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers/{triggerName}/histories?api-version=2016-06-01"

# List all runs of a specific Logic App workflow
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/runs?api-version=2016-06-01" \
--headers "Content-Type=application/json"

# Get all actions within a specific run of a Logic App workflow
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/runs/{runName}/actions?api-version=2016-06-01" \
--headers "Content-Type=application/json"

# List all versions of a specific Logic App workflow
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/versions?api-version=2016-06-01" \
--headers "Content-Type=application/json"

# Get details of a specific version of a Logic App workflow
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/versions/{versionName}?api-version=2016-06-01" \
--headers "Content-Type=application/json"

az rest \
--method GET \
--uri "https://examplelogicapp1994.scm.azurewebsites.net/api/functions/admin/download?includeCsproj=true&includeAppSettings=true" \
--headers "Content-Type=application/json"

# List all Logic Apps in the specified resource group
az logicapp list --resource-group <ResourceGroupName>

# Show detailed information about a specific Logic App
az logicapp show --name <LogicAppName> --resource-group <ResourceGroupName>

# List all application settings for a specific Logic App
az logicapp config appsettings list --name <LogicAppName> --resource-group <ResourceGroupName>

{% endcode %} {% endtab %}

{% tab title="Az PowerShell" %} {% code overflow="wrap" %}

Get-Command -Module Az.LogicApp

# List
Get-AzLogicApp -ResourceGroupName <ResourceGroupName>
# Get info
Get-AzLogicApp -ResourceGroupName <ResourceGroupName> -Name <LogicAppName>

# Get details of a specific Logic App workflow run action
Get-AzLogicAppRunAction -ResourceGroupName "<ResourceGroupName>" -Name "<LogicAppName>" -RunName "<RunName>"

# Get the run history for a specific Logic App
Get-AzLogicAppRunHistory -ResourceGroupName "<ResourceGroupName>" -Name "<LogicAppName>"

# Get details about triggers for a specific Logic App
Get-AzLogicAppTrigger -ResourceGroupName "<ResourceGroupName>" -Name "<LogicAppName>"

# Get the callback URL for a specific trigger in a Logic App
Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName "<ResourceGroupName>" -LName "<LogicAppName>" -TriggerName "<TriggerName>"

# Get the history of a specific trigger in a Logic App
Get-AzLogicAppTriggerHistory -ResourceGroupName "<ResourceGroupName>" -Name "<LogicAppName>" -TriggerName "<TriggerName>"

{% endcode %} {% endtab %} {% endtabs %}

Akaunti za Uunganisho

Akaunti za Uunganisho, ni kipengele cha Azure Logic Apps. Akaunti za Uunganisho zinatumika kuwezesha uunganisho wa kiwango cha biashara kwa kuwezesha uwezo wa juu wa B2B, kama vile EDI, AS2, na usimamizi wa muundo wa XML. Akaunti za Uunganisho ni kontena katika Azure ambazo zinahifadhi vitu vifuatavyo vinavyotumika kwa Logic Apps:

Mifano: Simamia mifano ya XML kwa ajili ya kuthibitisha na kushughulikia ujumbe katika akaunti yako ya uunganisho.
Ramani: Sanidi mabadiliko yanayotegemea XSLT kubadilisha muundo wa data ndani ya mifumo yako ya uunganisho.
Mkusanyiko: Simamia mkusanyiko wa akaunti za uunganisho ili kuboresha mantiki na usindikaji wa data.
Vyeti: Shughulikia vyeti kwa ajili ya kuficha na kusaini ujumbe, kuhakikisha mawasiliano salama.
Washirika: Simamia taarifa za washirika wa biashara kwa ajili ya shughuli za B2B, kuwezesha uunganisho usio na mshono.
Makubaliano: Sanidi sheria na mipangilio ya kubadilishana data na washirika wa biashara (kwa mfano, EDI, AS2).
Mipangilio ya Kundi: Simamia mipangilio ya usindikaji wa kundi ili kuunganisha na kushughulikia ujumbe kwa ufanisi.
RosettaNet PIP: Sanidi Mchakato wa Kiunganishi wa RosettaNet (PIPs) kwa ajili ya kuweka kiwango cha mawasiliano ya B2B.

Uhesabu