mirror of
https://github.com/carlospolop/hacktricks
synced 2025-01-10 12:18:52 +00:00
89 lines
4.5 KiB
Markdown
89 lines
4.5 KiB
Markdown
<details>
|
|
|
|
<summary><strong>Aprende hacking en AWS de cero a héroe con</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Otras formas de apoyar a HackTricks:
|
|
|
|
* Si quieres ver a tu **empresa anunciada en HackTricks** o **descargar HackTricks en PDF**, consulta los [**PLANES DE SUSCRIPCIÓN**](https://github.com/sponsors/carlospolop)!
|
|
* Consigue el [**merchandising oficial de PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Descubre [**La Familia PEASS**](https://opensea.io/collection/the-peass-family), nuestra colección de [**NFTs**](https://opensea.io/collection/the-peass-family) exclusivos
|
|
* **Únete al** 💬 [**grupo de Discord**](https://discord.gg/hRep4RUj7f) o al [**grupo de telegram**](https://t.me/peass) o **sígueme** en **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
|
* **Comparte tus trucos de hacking enviando PRs a los repositorios de github de** [**HackTricks**](https://github.com/carlospolop/hacktricks) y [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud).
|
|
|
|
</details>
|
|
|
|
|
|
## Verificar Privilegios
|
|
|
|
Dentro de una instancia de Jira **cualquier usuario** (incluso **no autenticados**) puede **verificar sus privilegios** en `/rest/api/2/mypermissions` o `/rest/api/3/mypermissions`. Estos endpoints devolverán tus privilegios actuales.\
|
|
Si un usuario **no autenticado** tiene algún **privilegio**, esto es una **vulnerabilidad** (¿recompensa?).\
|
|
Si un usuario **autenticado** tiene algún **privilegio inesperado**, esto es una **vuln**.
|
|
|
|
Actualización: A partir del 1 de febrero de 2019, - el endpoint 'mypermissions' requiere un parámetro 'permission' con uno de los siguientes parámetros
|
|
[https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter](https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter)
|
|
- ADD_COMMENTS
|
|
- ADMINISTER
|
|
- ADMINISTER_PROJECTS
|
|
- ASSIGNABLE_USER
|
|
- ASSIGN_ISSUES
|
|
- BROWSE_PROJECTS
|
|
- BULK_CHANGE
|
|
- CLOSE_ISSUES
|
|
- CREATE_ATTACHMENTS
|
|
- CREATE_ISSUES
|
|
- CREATE_PROJECT
|
|
- CREATE_SHARED_OBJECTS
|
|
- DELETE_ALL_ATTACHMENTS
|
|
- DELETE_ALL_COMMENTS
|
|
- DELETE_ALL_WORKLOGS
|
|
- DELETE_ISSUES
|
|
- DELETE_OWN_ATTACHMENTS
|
|
- DELETE_OWN_COMMENTS
|
|
- DELETE_OWN_WORKLOGS
|
|
- EDIT_ALL_COMMENTS
|
|
- EDIT_ALL_WORKLOGS
|
|
- EDIT_ISSUES
|
|
- EDIT_OWN_COMMENTS
|
|
- EDIT_OWN_WORKLOGS
|
|
- LINK_ISSUES
|
|
- MANAGE_GROUP_FILTER_SUBSCRIPTIONS
|
|
- MANAGE_SPRINTS_PERMISSION
|
|
- MANAGE_WATCHERS
|
|
- MODIFY_REPORTER
|
|
- MOVE_ISSUES
|
|
- RESOLVE_ISSUES
|
|
- SCHEDULE_ISSUES
|
|
- SET_ISSUE_SECURITY
|
|
- SYSTEM_ADMIN
|
|
- TRANSITION_ISSUES
|
|
- USER_PICKER
|
|
- VIEW_AGGREGATED_DATA
|
|
- VIEW_DEV_TOOLS
|
|
- VIEW_READONLY_WORKFLOW
|
|
- VIEW_VOTERS_AND_WATCHERS
|
|
- WORK_ON_ISSUES
|
|
|
|
Ejemplo: `https://your-domain.atlassian.net/rest/api/2/mypermissions?permissions=BROWSE_PROJECTS,CREATE_ISSUES,ADMINISTER_PROJECTS`
|
|
```bash
|
|
#Check non-authenticated privileges
|
|
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'
|
|
```
|
|
## Enumeración automatizada
|
|
|
|
* [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
|
|
* [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
|
|
|
|
|
|
<details>
|
|
|
|
<summary><strong>Aprende hacking en AWS de cero a héroe con</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Otras formas de apoyar a HackTricks:
|
|
|
|
* Si quieres ver a tu **empresa anunciada en HackTricks** o **descargar HackTricks en PDF**, consulta los [**PLANES DE SUSCRIPCIÓN**](https://github.com/sponsors/carlospolop)!
|
|
* Consigue el [**merchandising oficial de PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Descubre [**La Familia PEASS**](https://opensea.io/collection/the-peass-family), nuestra colección de [**NFTs**](https://opensea.io/collection/the-peass-family) exclusivos
|
|
* **Únete al** 💬 [**grupo de Discord**](https://discord.gg/hRep4RUj7f) o al [**grupo de telegram**](https://t.me/peass) o **sigue** a **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
|
* **Comparte tus trucos de hacking enviando PRs a los repositorios de github de** [**HackTricks**](https://github.com/carlospolop/hacktricks) y [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud).
|
|
|
|
</details>
|