diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md index 18e12a440b..12021efe19 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md @@ -154,13 +154,30 @@ az rest --method PUT \ ### `Microsoft.Automation/automationAccounts/webhooks/write` -With the permission **`Microsoft.Automation/automationAccounts/webhooks/write`** it's possible to create a new Webhook for a Runbook inside an Automation Account using the following command. +With the permission **`Microsoft.Automation/automationAccounts/webhooks/write`** it's possible to create a new Webhook for a Runbook inside an Automation Account using one of the following commands. +With Azure Powershell: ```bash New-AzAutomationWebHook -Name -ResourceGroupName -AutomationAccountName -RunbookName -IsEnabled $true ``` -This command should return a webhook URI which is only displayed on creation. Then, to call the runbook using the webhook URI +With AzureCLI and REST: +```bash +az rest --method put \ + --uri "https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Automation/automationAccounts//webhooks/?api-version=2015-10-31" \ + --body '{ + "name": "", + "properties": { + "isEnabled": true, + "expiryTime": "2027-12-31T23:59:59+00:00", + "runOn": "", + "runbook": { + "name": "" + } + } + }' +``` +These commands should return a webhook URI which is only displayed on creation. Then, to call the runbook using the webhook URI ```bash curl -X POST "https://f931b47b-18c8-45a2-9d6d-0211545d8c02.webhook.eus.azure-automation.net/webhooks?token=Ts5WmbKk0zcuA8PEUD4pr%2f6SM0NWydiCDqCqS1IdzIU%3d" \
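Review bot: In the added `az rest` example, `"expiryTime": "2027-12-31T23:59:59+00:00"` is a hardcoded date and `"runOn": ""` appears as an empty string, and neither the body nor the surrounding text says what these fields control or whether they can be omitted. Suggest one sentence explaining both, or dropping `runOn` from the body if it is not required. The follow-up sentence now reads "These commands should return a webhook URI", but the request body shown carries no URI field and the hunk includes no sample response, so please confirm that the PUT response really contains the URI and say where in the output to find it. Minor: the `New-AzAutomationWebHook` block now sits under "With Azure Powershell:" yet is still fenced as `bash`; a `powershell` fence would match, as would the spellings "PowerShell" and "Azure CLI", and a blank line between each new lead-in and its fence would keep the markdown rendering predictable.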