mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-24 20:13:37 +00:00
93 lines
5.4 KiB
Markdown
93 lines
5.4 KiB
Markdown
<details>
|
|
|
|
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
|
|
|
|
- Você trabalha em uma **empresa de cibersegurança**? Quer ver sua **empresa anunciada no HackTricks**? ou quer ter acesso à **versão mais recente do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
|
|
|
|
- Descubra [**The PEASS Family**](https://opensea.io/collection/the-peass-family), nossa coleção de [**NFTs**](https://opensea.io/collection/the-peass-family) exclusivos
|
|
|
|
- Adquira o [**material oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
|
|
- **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo do Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo do telegram**](https://t.me/peass) ou **siga**-me no **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
|
|
- **Compartilhe suas técnicas de hacking enviando PRs para o repositório [hacktricks](https://github.com/carlospolop/hacktricks) e para o repositório [hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud)**.
|
|
|
|
</details>
|
|
|
|
|
|
## Verificar Privilégios
|
|
|
|
Dentro de uma instância Jira **qualquer usuário** (mesmo **não autenticado**) pode **verificar seus privilégios** em `/rest/api/2/mypermissions` ou `/rest/api/3/mypermissions`. Esses endpoints retornarão seus privilégios atuais.\
|
|
Se um usuário **não autenticado** tiver algum **privilégio**, isso é uma **vulnerabilidade** (bounty?).\
|
|
Se um usuário **autenticado** tiver algum **privilégio inesperado**, isso é uma **vuln**.
|
|
|
|
Atualização: A partir de 1º de fevereiro de 2019, - o endpoint 'mypermissions' requer um parâmetro 'permission' com um dos seguintes parâmetros
|
|
[https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter](https://developer.atlassian.com/cloud/jira/platform/change-notice-get-my-permissions-requires-permissions-query-parameter/#change-notice---get-my-permissions-resource-will-require-a-permissions-query-parameter)
|
|
- ADD_COMMENTS
|
|
- ADMINISTER
|
|
- ADMINISTER_PROJECTS
|
|
- ASSIGNABLE_USER
|
|
- ASSIGN_ISSUES
|
|
- BROWSE_PROJECTS
|
|
- BULK_CHANGE
|
|
- CLOSE_ISSUES
|
|
- CREATE_ATTACHMENTS
|
|
- CREATE_ISSUES
|
|
- CREATE_PROJECT
|
|
- CREATE_SHARED_OBJECTS
|
|
- DELETE_ALL_ATTACHMENTS
|
|
- DELETE_ALL_COMMENTS
|
|
- DELETE_ALL_WORKLOGS
|
|
- DELETE_ISSUES
|
|
- DELETE_OWN_ATTACHMENTS
|
|
- DELETE_OWN_COMMENTS
|
|
- DELETE_OWN_WORKLOGS
|
|
- EDIT_ALL_COMMENTS
|
|
- EDIT_ALL_WORKLOGS
|
|
- EDIT_ISSUES
|
|
- EDIT_OWN_COMMENTS
|
|
- EDIT_OWN_WORKLOGS
|
|
- LINK_ISSUES
|
|
- MANAGE_GROUP_FILTER_SUBSCRIPTIONS
|
|
- MANAGE_SPRINTS_PERMISSION
|
|
- MANAGE_WATCHERS
|
|
- MODIFY_REPORTER
|
|
- MOVE_ISSUES
|
|
- RESOLVE_ISSUES
|
|
- SCHEDULE_ISSUES
|
|
- SET_ISSUE_SECURITY
|
|
- SYSTEM_ADMIN
|
|
- TRANSITION_ISSUES
|
|
- USER_PICKER
|
|
- VIEW_AGGREGATED_DATA
|
|
- VIEW_DEV_TOOLS
|
|
- VIEW_READONLY_WORKFLOW
|
|
- VIEW_VOTERS_AND_WATCHERS
|
|
- WORK_ON_ISSUES
|
|
|
|
Exemplo: `https://your-domain.atlassian.net/rest/api/2/mypermissions?permissions=BROWSE_PROJECTS,CREATE_ISSUES,ADMINISTER_PROJECTS`
|
|
```bash
|
|
#Check non-authenticated privileges
|
|
curl https://jira.some.example.com/rest/api/2/mypermissions | jq | grep -iB6 '"havePermission": true'
|
|
```
|
|
## Enumeração Automatizada
|
|
|
|
* [https://github.com/0x48piraj/Jiraffe](https://github.com/0x48piraj/Jiraffe)
|
|
* [https://github.com/bcoles/jira\_scan](https://github.com/bcoles/jira\_scan)
|
|
|
|
|
|
<details>
|
|
|
|
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
|
|
|
|
- Você trabalha em uma **empresa de cybersecurity**? Quer ver sua **empresa anunciada no HackTricks**? ou quer ter acesso à **versão mais recente do PEASS ou baixar o HackTricks em PDF**? Confira os [**PLANOS DE ASSINATURA**](https://github.com/sponsors/carlospolop)!
|
|
|
|
- Descubra [**A Família PEASS**](https://opensea.io/collection/the-peass-family), nossa coleção de [**NFTs**](https://opensea.io/collection/the-peass-family) exclusivos
|
|
|
|
- Adquira o [**material oficial do PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
|
|
- **Junte-se ao** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo do Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo do telegram**](https://t.me/peass) ou **siga-me** no **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
|
|
- **Compartilhe suas técnicas de hacking enviando PRs para o [repositório hacktricks](https://github.com/carlospolop/hacktricks) e [repositório hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud)**.
|
|
|
|
</details>
|