Merge pull request #176 from JaimePolop/master

changes

Author: carlospolop

src/pentesting-cloud/azure-security/az-post-exploitation/az-key-vault-post-exploitation.md

@@ -108,6 +108,13 @@ This permission allows a principal to restore a secret from a backup.
 az keyvault secret restore --vault-name <vault-name> --file <backup-file-path>
 ```
 
+### Microsoft.KeyVault/vaults/keys/recover/action
+Allows recovery of a previously deleted key from an Azure Key Vault
+
+```bash
+az keyvault secret recover --vault-name <vault-name> --name <secret-name>
+
+```
 {{#include ../../../banners/hacktricks-training.md}}
 
 

src/pentesting-cloud/azure-security/az-privilege-escalation/az-container-instances-apps-jobs-privesc.md

@@ -201,6 +201,14 @@ It looks like with these permissions it should be possibel to start a job. This
 
 I haven't managed to make it work but according to the allowed parameters it should be possible.
 
+### Microsoft.ContainerInstance/containerGroups/restart/action
+
+Allows restarting a specific container group within Azure Container Instances.
+
+```bash
+az container restart --resource-group <resource-group> --name <container-instances>
+```
+
 
 {{#include ../../../banners/hacktricks-training.md}}
 

src/pentesting-cloud/azure-security/az-privilege-escalation/az-static-web-apps-privesc.md

@@ -106,7 +106,7 @@ curl -X PUT "https://functions.azure.com/api/github/updateGitHubContent" \
 ```
 
 
-### `Microsoft.Web/staticSites/config/write`
+### Microsoft.Web/staticSites/config/write
 
 With this permission, it's possible to **modify the password** protecting a static web app or even unprotect every environment by sending a request such as the following:
 
@@ -125,6 +125,8 @@ az rest --method put \
     }
 }'
 
+
+
 # Remove the need of a password
 az rest --method put \
 --url "/subscriptions/<subcription-id>/resourceGroups/<res-group>/providers/Microsoft.Web/staticSites/<app-name>/config/basicAuth?api-version=2021-03-01" \

src/pentesting-cloud/azure-security/az-privilege-escalation/az-virtual-machines-and-network-privesc.md

@@ -387,6 +387,23 @@ az vm user update \
   --password <NEW_PASSWORD>
 ```
 
+### Microsoft.Compute/virtualMachines/write, "Microsoft.Compute/virtualMachines/read", "Microsoft.Compute/disks/read", "Microsoft.Network/networkInterfaces/read", "Microsoft.Network/networkInterfaces/join/action", "Microsoft.Compute/disks/write".
+
+These permissions allow you to manage, disks, and network interfaces, and, they enable you to attach a disk to a virtual machine.
+```bash
+# Update the disk's network access policy
+az disk update \
+  --name <disk-name> \
+  --resource-group <resource-group-name> \
+  --network-access-policy AllowAll
+
+# Attach the disk to a virtual machine
+az vm disk attach \
+  --vm-name <vm-name> \
+  --resource-group <resource-group-name> \
+  --name <disk-name>
+```
+
 ### TODO: Microsoft.Compute/virtualMachines/WACloginAsAdmin/action
 
 According to the [**docs**](https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute#microsoftcompute), this permission lets you manage the OS of your resource via Windows Admin Center as an administrator. So it looks like this gives access to the WAC to control the VMs...