Az - Logic Apps Privesc

Reading time: 4 minutes

Logic Apps Privesc

Kwa maelezo zaidi kuhusu SQL Database angalia:

Az - Logic Apps

(Microsoft.Resources/subscriptions/resourcegroups/read, Microsoft.Logic/workflows/read, Microsoft.Logic/workflows/write && Microsoft.ManagedIdentity/userAssignedIdentities/assign/action) && (Microsoft.Logic/workflows/triggers/run/action)

Kwa ruhusa hii, unaweza kuunda au kusasisha, Azure Logic Apps workflows. Workflows zinafafanua michakato ya kiotomatiki na uhusiano kati ya mifumo na huduma mbalimbali.

az logic workflow create \
--resource-group <resource_group_name> \
--name <workflow_name> \
--definition <workflow_definition_file.json> \
--location <location>

az logic workflow update \
--name my-new-workflow \
--resource-group logicappgroup \
--definition <workflow_definition_file.json>

Na baada ya kubadilisha, unaweza kuikimbia na:

az rest \
--method post \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers/{triggerName}/run?api-version=2016-10-01" \
--body '{}' \
--headers "Content-Type=application/json"

Zaidi ya hayo, kwa kutumia tu Microsoft.Logic/workflows/write unaweza kubadilisha Sera ya Uidhinishaji, ukitoa kwa mfano tenant mwingine uwezo wa kuanzisha mchakato:

az rest --method PUT \
--uri "https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Logic/workflows/<workflow-name>?api-version=2016-10-01" \
--body '{
"location": "<region>",
"properties": {
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"$connections": {
"defaultValue": {},
"type": "Object"
}
},
"triggers": {
"<trigger-name>": {
"type": "Request",
"kind": "Http"
}
},
"actions": {},
"outputs": {}
},
"accessControl": {
"triggers": {
"openAuthenticationPolicies": {
"policies": {
"<policy-name>": {
"type": "AAD",
"claims": [
{
"name": "iss",
"value": "<issuer-url>"
}
]
}
}
}
}
}
}
}'

Microsoft.Logic/workflows/triggers/listCallbackUrl/action

Unaweza kupata URL ya kurudi ya kichocheo na kuikimbia.

az rest --method POST \
--uri "https://management.azure.com/subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.Logic/workflows/<workflow_name>/triggers/<trigger_name>/listCallbackUrl?api-version=2019-05-01"

Hii itarudisha URL ya callback kama https://prod-28.centralus.logic.azure.com:443/workflows/..... Sasa tunaweza kuikimbia na:

curl --request POST \
--url "https://prod-28.centralus.logic.azure.com:443/workflows/<workflow_id>/triggers/<trigger_name>/paths/invoke?api-version=2019-05-01&sp=%2Ftriggers%2F<trigger_name>%2Frun&sv=1.0&sig=<signature>" \
--header 'Content-Type: application/json' \
--data '{"exampleKey": "exampleValue"}'

(Microsoft.Web/sites/read, Microsoft.Web/sites/basicPublishingCredentialsPolicies/read, Microsoft.Web/sites/write, Microsoft.Web/sites/config/list/action) && (Microsoft.Web/sites/start/action)

Kwa ruhusa hizi, unaweza kupeleka, Logic App workflows kwa kutumia ZIP file deployments. Ruhusa hizi zinawezesha vitendo kama kusoma maelezo ya programu, kufikia akreditivu za uchapishaji, kuandika mabadiliko, na kuorodhesha usanidi wa programu. Pamoja na ruhusa za kuanzisha, unaweza kuboresha na kupeleka Logic App mpya na maudhui unayotaka.

az logicapp deployment source config-zip \
--name <logic_app_name> \
--resource-group <resource_group_name> \
--src <path_to_zip_file>