Az - Services

Naučite hakovanje AWS-a od nule do heroja sa htARTE (HackTricks AWS Red Team Expert)!

Drugi načini podrške HackTricks-u:

Ako želite da vidite vašu kompaniju reklamiranu na HackTricks-u ili preuzmete HackTricks u PDF formatu Proverite SUBSCRIPTION PLANS!
Nabavite zvanični PEASS & HackTricks swag
Otkrijte The PEASS Family, našu kolekciju ekskluzivnih NFT-ova
Pridružite se 💬 Discord grupi ili telegram grupi ili nas pratite na Twitter-u 🐦 @hacktricks_live.
Podelite svoje hakovanje trikove slanjem PR-ova na HackTricks i HackTricks Cloud github repozitorijume.

Portali

Možete pronaći listu Microsoft portala na https://msportals.io/

Sirovi zahtevi

Azure API putem Powershell-a

Dobijte access_token iz IDENTITY_HEADER i IDENTITY_ENDPOINT: system('curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER');.

Zatim upitajte Azure REST API da biste dobili subscription ID i više.

$Token = 'eyJ0eX..'
$URI = 'https://management.azure.com/subscriptions?api-version=2020-01-01'
# $URI = 'https://graph.microsoft.com/v1.0/applications'
$RequestParams = @{
Method = 'GET'
Uri = $URI
Headers = @{
'Authorization' = "Bearer $Token"
}
}
(Invoke-RestMethod @RequestParams).value

# List resources and check for runCommand privileges
$URI = 'https://management.azure.com/subscriptions/b413826f-108d-4049-8c11-d52d5d388768/resources?api-version=2020-10-01'
$URI = 'https://management.azure.com/subscriptions/b413826f-108d-4049-8c11-d52d5d388768/resourceGroups/<RG-NAME>/providers/Microsoft.Compute/virtualMachines/<RESOURCE/providers/Microsoft.Authorization/permissions?apiversion=2015-07-01'

Verzija Azure API-ja putem Pythona

Ova sekcija opisuje kako koristiti Azure API-je putem Pythona.

Da biste koristili Azure API-je, prvo morate instalirati Azure SDK za Python. Možete to učiniti pomoću sljedeće naredbe:

pip install azure

Nakon instalacije SDK-a, možete koristiti Python skripte za pristupanje Azure uslugama putem API-ja.

Primjer koda za pristupanje Azure usluzi za rad s virtualnim strojevima:

from azure.mgmt.compute import ComputeManagementClient
from azure.common.credentials import ServicePrincipalCredentials

# Postavke za prijavu
subscription_id = 'YOUR_SUBSCRIPTION_ID'
tenant_id = 'YOUR_TENANT_ID'
client_id = 'YOUR_CLIENT_ID'
client_secret = 'YOUR_CLIENT_SECRET'

# Kreiranje objekta za prijavu
credentials = ServicePrincipalCredentials(
    client_id=client_id,
    secret=client_secret,
    tenant=tenant_id
)

# Kreiranje objekta za upravljanje virtualnim strojevima
compute_client = ComputeManagementClient(credentials, subscription_id)

# Primjer koda za dohvaćanje informacija o virtualnim strojevima
for vm in compute_client.virtual_machines.list_all():
    print(vm.name)

Ovaj primjer koristi azure.mgmt.compute modul za upravljanje virtualnim strojevima.

Napomena: Prije izvršavanja ovog koda, zamijenite YOUR_SUBSCRIPTION_ID, YOUR_TENANT_ID, YOUR_CLIENT_ID i YOUR_CLIENT_SECRET sa stvarnim vrijednostima iz vašeg Azure računa.

Ovo je samo jedan primjer koda za pristupanje Azure uslugama putem Pythona. Azure API-ji pružaju mnoge druge mogućnosti za interakciju s Azure uslugama, pa se preporučuje da proučite dokumentaciju za određenu uslugu koju želite koristiti.

IDENTITY_ENDPOINT = os.environ['IDENTITY_ENDPOINT']
IDENTITY_HEADER = os.environ['IDENTITY_HEADER']

print("[+] Management API")
cmd = 'curl "%s?resource=https://management.azure.com/&api-version=2017-09-01" -H secret:%s' % (IDENTITY_ENDPOINT, IDENTITY_HEADER)
val = os.popen(cmd).read()
print("Access Token: "+json.loads(val)["access_token"])
print("ClientID/AccountID: "+json.loads(val)["client_id"])

print("\r\n[+] Graph API")
cmd = 'curl "%s?resource=https://graph.microsoft.com/&api-version=2017-09-01" -H secret:%s' % (IDENTITY_ENDPOINT, IDENTITY_HEADER)
val = os.popen(cmd).read()
print(json.loads(val)["access_token"])
print("ClientID/AccountID: "+json.loads(val)["client_id"])

ili unutar Python funkcije:

import logging, os
import azure.functions as func

def main(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP trigger function processed a request.')
IDENTITY_ENDPOINT = os.environ['IDENTITY_ENDPOINT']
IDENTITY_HEADER = os.environ['IDENTITY_HEADER']
cmd = 'curl "%s?resource=https://management.azure.com&apiversion=2017-09-01" -H secret:%s' % (IDENTITY_ENDPOINT, IDENTITY_HEADER)
val = os.popen(cmd).read()
return func.HttpResponse(val, status_code=200)

Lista usluga

Naučite hakovanje AWS-a od nule do heroja sa htARTE (HackTricks AWS Red Team Expert)!

Drugi načini podrške HackTricks-u:

Ako želite da vidite vašu kompaniju oglašenu na HackTricks-u ili preuzmete HackTricks u PDF formatu Proverite SUBSCRIPTION PLANS!
Nabavite zvanični PEASS & HackTricks swag
Otkrijte The PEASS Family, našu kolekciju ekskluzivnih NFT-ova
Pridružite se 💬 Discord grupi ili telegram grupi ili nas pratite na Twitter-u 🐦 @hacktricks_live.
Podelite svoje hakovanje trikove slanjem PR-ova na HackTricks i HackTricks Cloud github repozitorijume.

PreviousAz - Password Spraying NextAz - ACR

Last updated 28 days ago