Translated ['network-services-pentesting/pentesting-web/jira.md'] to sw

Translator 2024-08-26 22:44:21 +00:00
parent 0d2f0651f2
commit 411c4f58a4


@ -21,9 +21,9 @@ If you are interested in **hacking career** and hack the unhackable - **we are h
{% embed url="https://www.stmcyber.com/careers" %}
### Check Privileges
## Check Privileges
Katika Jira, **privileges zinaweza kuangaliwa** na mtumiaji yeyote, aliyeidhinishwa au la, kupitia endpoints `/rest/api/2/mypermissions` au `/rest/api/3/mypermissions`. Endpoints hizi zinaonyesha **privileges** za sasa za mtumiaji. Wasiwasi mkubwa unatokea wakati **watumiaji wasio na uthibitisho wana privileges**, ikionyesha **udhaifu wa usalama** ambao unaweza kuwa na haki ya **bounty**. Vivyo hivyo, **privileges zisizotarajiwa kwa watumiaji walioidhinishwa** pia zinaonyesha **udhaifu**.
Katika Jira, **privileges zinaweza kuangaliwa** na mtumiaji yeyote, aliyeidhinishwa au la, kupitia endpoints `/rest/api/2/mypermissions` au `/rest/api/3/mypermissions`. Endpoints hizi zinaonyesha privileges za sasa za mtumiaji. Wasiwasi mkubwa unatokea wakati **watumiaji wasio na uthibitisho wana privileges**, ikionyesha **udhaifu wa usalama** ambao unaweza kuwa na haki ya **bounty**. Vivyo hivyo, **privileges zisizotarajiwa kwa watumiaji waliothibitishwa** pia zinaonyesha **udhaifu**.
**Sasisho** muhimu lilifanywa tarehe **1 Februari 2019**, likihitaji endpoint 'mypermissions' kujumuisha **'parameter ya ruhusa'**. Mahitaji haya yanakusudia **kuimarisha usalama** kwa kubainisha privileges zinazoulizwa: [check it here](https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter)
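Review bot: the new `## Check Privileges` paragraph mixes two terms for "authenticated": its first sentence keeps `aliyeidhinishwa au la` (authorized or not) while its last sentence switches to `waliothibitishwa` (authenticated). The paragraph's point is that unauthenticated users should not hold privileges, so the first sentence should read `aliyethibitishwa au la` as well, so both sentences talk about authentication rather than authorization. The heading promotion from `###` to `##` matches the sibling `##` headings this commit touches later and needs no change.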
@ -74,14 +74,14 @@ Mfano: `https://your-domain.atlassian.net/rest/api/2/mypermissions?permissions=B
#Check non-authenticated privileges
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'
```
### Automated enumeration
## Automated enumeration
* [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
* [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
## Atlasian Plugins
Kama ilivyoonyeshwa katika [**blog**](https://cyllective.com/blog/posts/atlassian-audit-plugins), katika hati kuhusu [Plugin modules ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/plugin-modules/) inawezekana kuangalia aina tofauti za plugins, kama:
Kama ilivyoonyeshwa katika [**blog**](https://cyllective.com/blog/posts/atlassian-audit-plugins) hii, katika nyaraka kuhusu [Plugin modules ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/plugin-modules/) inawezekana kuangalia aina tofauti za plugins, kama:
* [REST Plugin Module ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/rest-plugin-module): Fichua ncha za API za RESTful
* [Servlet Plugin Module ↗](https://developer.atlassian.com/server/framework/atlassian-sdk/servlet-plugin-module/): Weka servlets za Java kama sehemu ya plugin
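Review bot: the unauthenticated check in this hunk's context, `curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'`, calls the endpoint without the `permissions` query parameter that the previous section says has been required since 1 February 2019, so an instance enforcing that change rejects the request instead of returning permission data; the example URL in this hunk's header line shows the `?permissions=` form the command should use. That line is unchanged context, so a follow-up is acceptable, but while this commit already edits the neighbouring heading it should also correct `## Atlasian Plugins` to `Atlassian`. The two wording changes in the hunk (`blog` to `blog hii`, `hati` to `nyaraka`) read correctly.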
@ -112,15 +112,26 @@ public BodyType getBodyType() { return BodyType.NONE; }
public OutputType getOutputType() { return OutputType.BLOCK; }
}
```
Ni rahisi kuona kwamba hizi plugins zinaweza kuwa na udhaifu kwa udhaifu wa kawaida wa wavuti kama XSS. Kwa mfano, mfano wa awali una udhaifu kwa sababu unarejelea data iliyotolewa na mtumiaji. 
Ni rahisi kuona kwamba hizi plugins zinaweza kuwa na udhaifu wa kawaida wa wavuti kama XSS. Kwa mfano, mfano wa awali una udhaifu kwa sababu unarejelea data iliyotolewa na mtumiaji. 
Mara XSS inapopatikana, katika [**hii github repo**](https://github.com/cyllective/XSS-Payloads/tree/main/Confluence) unaweza kupata baadhi ya payloads za kuongeza athari ya XSS.
Mara XSS inapopatikana, katika [**hii github repo**](https://github.com/cyllective/XSS-Payloads/tree/main/Confluence) unaweza kupata baadhi ya payloads za kuongeza athari za XSS.
## Backdoor Plugin
[**Post hii**](https://cyllective.com/blog/posts/atlassian-malicious-plugin) inaelezea vitendo tofauti (vibaya) ambavyo vinaweza kufanywa na plugin mbaya ya Jira. Unaweza kupata [**mfano wa code katika repo hii**](https://github.com/cyllective/malfluence).
Haya ni baadhi ya vitendo ambavyo plugin mbaya inaweza kufanya:
* **Kuficha Plugins kutoka kwa Wasimamizi**: Inawezekana kuficha plugin mbaya kwa kuingiza javascript ya mbele.
* **Kuchukua Viambatisho na Kurasa**: Ruhusu kufikia na kuchukua data yote.
* **Kuhujumu Token za Session**: Ongeza endpoint ambayo itarejelea vichwa katika jibu (pamoja na cookie) na javascript fulani ambayo itawasiliana nayo na kuvuja cookies.
* **Kutekeleza Amri**: Bila shaka inawezekana kuunda plugin ambayo itatekeleza code.
* **Reverse Shell**: Au kupata reverse shell.
* **DOM Proxying**: Ikiwa confluence iko ndani ya mtandao wa kibinafsi, itakuwa inawezekana kuanzisha muunganisho kupitia kivinjari cha mtumiaji yeyote mwenye ufikiaji wa hiyo na kwa mfano kuwasiliana na seva ikitekeleza amri kupitia hiyo.
<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
Ikiwa unavutiwa na **kazi ya uhalifu** na kuhack yasiyoweza kuhackika - **tunatafuta wafanyakazi!** (_kuandika na kuzungumza kwa kiswahili vizuri kunahitajika_).
Ikiwa unavutiwa na **kazi ya uhalifu** na kuhack yasiyoweza kuhackwa - **tunatafuta wafanyakazi!** (_kuandika na kuzungumza kwa ufasaha kwa kipolandi kunahitajika_).
{% embed url="https://www.stmcyber.com/careers" %}
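Review bot: the careers blurb still renders "hacking career" as `kazi ya uhalifu` (a career in crime) in both the old and the new line; the new line only changes `kuhackika` to `kuhackwa` and swaps the required language from Kiswahili to Kipolandi. The language fix is right for an stmcyber.com posting, but `uhalifu` should become `udukuzi` or simply `hacking`, e.g. `kazi ya hacking`, otherwise the page invites readers into crime. The other two edits in this hunk (`udhaifu kwa udhaifu` to `udhaifu wa kawaida`, `athari ya` to `athari za`) are correct fixes. One smaller point in the added `## Backdoor Plugin` list: the `DOM Proxying` bullet says `confluence` on a Jira page, because the linked malfluence post targets Confluence; either say Jira here or note that the linked post is about Confluence.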
@ -133,8 +144,8 @@ Jifunze & fanya mazoezi ya GCP Hacking: <img src="../../.gitbook/assets/grte.png
<summary>Support HackTricks</summary>
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za uhalifu kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **fuata** sisi kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki hila za uhalifu kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
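Review bot: the new Discord/Twitter line replaces the idiomatic object-marked verb `tufuatilie` with `fuata sisi`, a word-for-word calque of "follow us", which reads as a regression; keep an object-marked form such as `tufuate`. The rewritten PR bullet also carries the same "crime" problem as the line it replaces: `hila za uhalifu` (criminal tricks) for "hacking tricks" should be `hila za udukuzi`, consistent with the careers blurb fix needed earlier in this commit.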