Merge pull request #558 from BloodHoundAD/az_help_modals

Az help modals

src/AppContainer.jsx

@@ -38,12 +38,20 @@ const fullEdgeList = [
     'SQLAdmin',
     'HasSIDHistory',
     'AZAddMembers',
+    'AZAddSecret',
+    'AZAvereContributor',
     'AZContains',
     'AZContributor',
+    'AZExecuteCommand',
     'AZGetCertificates',
     'AZGetKeys',
     'AZGetSecrets',
     'AZGlobalAdmin',
+    'AZGrant',
+    'AZGrantSelf',
+    'AZHasRole',
+    'AZMemberOf',
+    'AZOwner',
     'AZOwns',
     'AZPrivilegedRoleAdmin',
     'AZResetPassword',
@@ -52,6 +60,7 @@ const fullEdgeList = [
     'AZCloudAppAdmin',
     'AZRunsAs',
     'AZKeyVaultContributor',
+    'AZVMAdminLogin',
     'Contains',
     'GPLink',
     'AllExtendedRights',

src/components/Modals/HelpModal.jsx

@@ -29,11 +29,19 @@ import HasSIDHistory from './HelpTexts/HasSIDHistory/HasSIDHistory';
 import TrustedBy from './HelpTexts/TrustedBy/TrustedBy';
 import CanPSRemote from './HelpTexts/CanPSRemote/CanPSRemote';
 import AZAddMembers from './HelpTexts/AZAddMembers/AZAddMembers';
+import AZAddSecret from './HelpTexts/AZAddSecret/AZAddSecret';
+import AZAvereContributor from './HelpTexts/AZAvereContributor/AZAvereContributor';
 import AZContains from './HelpTexts/AZContains/AZContains';
 import AZContributor from './HelpTexts/AZContributor/AZContributor';
+import AZExecuteCommand from './HelpTexts/AZExecuteCommand/AZExecuteCommand';
 import AZGetCertificates from './HelpTexts/AZGetCertificates/AZGetCertificates';
 import AZGetKeys from './HelpTexts/AZGetKeys/AZGetKeys';
 import AZGetSecrets from './HelpTexts/AZGetSecrets/AZGetSecrets';
+import AZGrant from './HelpTexts/AZGrant/AZGrant';
+import AZGrantSelf from './HelpTexts/AZGrantSelf/AZGrantSelf';
+import AZHasRole from './HelpTexts/AZHasRole/AZHasRole';
+import AZMemberOf from './HelpTexts/AZMemberOf/AZMemberOf';
+import AZOwner from './HelpTexts/AZOwner/AZOwner';
 import AZOwns from './HelpTexts/AZOwns/AZOwns';
 import AZPrivilegedRoleAdmin from './HelpTexts/AZPrivilegedRoleAdmin/AZPrivilegedRoleAdmin';
 import AZResetPassword from './HelpTexts/AZResetPassword/AZResetPassword';
@@ -42,6 +50,7 @@ import AZGlobalAdmin from './HelpTexts/AZGlobalAdmin/AZGlobalAdmin';
 import AZAppAdmin from './HelpTexts/AZAppAdmin/AZAppAdmin';
 import AZCloudAppAdmin from './HelpTexts/AZCloudAppAdmin/AZCloudAppAdmin';
 import AZRunsAs from './HelpTexts/AZRunsAs/AZRunsAs';
+import AZVMAdminLogin from './HelpTexts/AZVMAdminLogin/AZVMAdminLogin';
 import AZVMContributor from './HelpTexts/AZVMContributor/AZVMContributor';
 import Default from './HelpTexts/Default/Default';
 import WriteSPN from "./HelpTexts/WriteSPN/WriteSPN";
@@ -113,11 +122,19 @@ const HelpModal = () => {
         TrustedBy: TrustedBy,
         CanPSRemote: CanPSRemote,
         AZAddMembers: AZAddMembers,
+        AZAddSecret: AZAddSecret,
+        AZAvereContributor: AZAvereContributor,
         AZContains: AZContains,
         AZContributor: AZContributor,
+        AZExecuteCommand: AZExecuteCommand,
         AZGetCertificates: AZGetCertificates,
         AZGetKeys: AZGetKeys,
         AZGetSecrets: AZGetSecrets,
+        AZGrant: AZGrant,
+        AZGrantSelf: AZGrantSelf,
+        AZHasRole: AZHasRole,
+        AZMemberOf: AZMemberOf,
+        AZOwner: AZOwner,
         AZOwns: AZOwns,
         AZPrivilegedRoleAdmin: AZPrivilegedRoleAdmin,
         AZResetPassword: AZResetPassword,
@@ -126,6 +143,7 @@ const HelpModal = () => {
         AZAppAdmin: AZAppAdmin,
         AZCloudAppAdmin: AZCloudAppAdmin,
         AZRunsAs: AZRunsAs,
+        AZVMAdminLogin: AZVMAdminLogin,
         AZVMContributor: AZVMContributor,
         WriteSPN: WriteSPN,
         AddSelf: AddSelf,

src/components/Modals/HelpTexts/AZAddSecret/AZAddSecret.jsx

@@ -0,0 +1,57 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Tabs, Tab } from 'react-bootstrap';
+import General from './General';
+import Abuse from './Abuse';
+import Opsec from './Opsec';
+import References from './References';
+
+const AZAddSecret = ({
+    sourceName,
+    sourceType,
+    targetName,
+    targetType,
+}) => {
+    return (
+        <Tabs defaultActiveKey={1} id='help-tab-container' justified>
+            <Tab
+                eventKey={1}
+                title='Info'
+                dangerouslySetInnerHTML={General(
+                    sourceName,
+                    sourceType,
+                    targetName,
+                    targetType
+                )}
+            />
+            <Tab
+                eventKey={2}
+                title='Abuse Info'
+                dangerouslySetInnerHTML={Abuse(
+                    sourceName,
+                    sourceType,
+                    targetName,
+                    targetType
+                )}
+            />
+            <Tab
+                eventKey={3}
+                title='Opsec Considerations'
+                dangerouslySetInnerHTML={Opsec()}
+            />
+            <Tab
+                eventKey={4}
+                title='References'
+                dangerouslySetInnerHTML={References()}
+            />
+        </Tabs>
+    );
+};
+
+AZAddSecret.propTypes = {
+    sourceName: PropTypes.string,
+    sourceType: PropTypes.string,
+    targetName: PropTypes.string,
+    targetType: PropTypes.string,
+};
+export default AZAddSecret;

src/components/Modals/HelpTexts/AZAddSecret/Abuse.jsx

@@ -0,0 +1,6 @@
+const Abuse = (sourceName, sourceType, targetName, targetType) => {
+    let text = ``;
+    return { __html: text };
+};
+
+export default Abuse;

src/components/Modals/HelpTexts/AZAddSecret/General.jsx

@@ -0,0 +1,11 @@
+import { groupSpecialFormat} from '../Formatter';
+
+const General = (sourceName, sourceType, targetName, targetType) => {
+    let text = `Azure provides several systems and mechanisms for granting control of securable objects within Azure Active Directory, including tenant-scoped admin roles, object-scoped admin roles, explicit object ownership, and API permissions.
+
+    When a principal has been granted "Cloud App Admin" or "App Admin" against the tenant, that principal gains the ability to add new secrets to all Service Principals and App Registrations. Additionally, a principal that has been granted "Cloud App Admin" or "App Admin" against, or explicit ownership of a Service Principal or App Registration gains the ability to add secrets to that particular object.
+    `;
+    return { __html: text };
+};
+
+export default General;

src/components/Modals/HelpTexts/AZAddSecret/Opsec.jsx

@@ -0,0 +1,6 @@
+const Opsec = () => {
+    let text = ``;
+    return { __html: text };
+};
+
+export default Opsec;

src/components/Modals/HelpTexts/AZAddSecret/References.jsx

@@ -0,0 +1,8 @@
+const References = () => {
+    let text = `<a href="https://attack.mitre.org/techniques/T1098/">ATT&CK T1098: Account Manipulation</a>
+    <a href="https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5">Andy Robbins - Azure Privilege Escalation via Service Principal Abuse</a>
+    <a href="https://docs.microsoft.com/en-us/azure/active-directory/roles/assign-roles-different-scopes">Assign Azure AD roles at different scopes</a>`;
+    return { __html: text };
+};
+
+export default References;

src/components/Modals/HelpTexts/AZAvereContributor/AZAvereContributor.jsx

@@ -0,0 +1,57 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Tabs, Tab } from 'react-bootstrap';
+import General from './General';
+import Abuse from './Abuse';
+import Opsec from './Opsec';
+import References from './References';
+
+const AZAvereContributor = ({
+    sourceName,
+    sourceType,
+    targetName,
+    targetType,
+}) => {
+    return (
+        <Tabs defaultActiveKey={1} id='help-tab-container' justified>
+            <Tab
+                eventKey={1}
+                title='Info'
+                dangerouslySetInnerHTML={General(
+                    sourceName,
+                    sourceType,
+                    targetName,
+                    targetType
+                )}
+            />
+            <Tab
+                eventKey={2}
+                title='Abuse Info'
+                dangerouslySetInnerHTML={Abuse(
+                    sourceName,
+                    sourceType,
+                    targetName,
+                    targetType
+                )}
+            />
+            <Tab
+                eventKey={3}
+                title='Opsec Considerations'
+                dangerouslySetInnerHTML={Opsec()}
+            />
+            <Tab
+                eventKey={4}
+                title='References'
+                dangerouslySetInnerHTML={References()}
+            />
+        </Tabs>
+    );
+};
+
+AZAvereContributor.propTypes = {
+    sourceName: PropTypes.string,
+    sourceType: PropTypes.string,
+    targetName: PropTypes.string,
+    targetType: PropTypes.string,
+};
+export default AZAvereContributor;

src/components/Modals/HelpTexts/AZAvereContributor/Abuse.jsx

@@ -0,0 +1,6 @@
+const Abuse = (sourceName, sourceType, targetName, targetType) => {
+    let text = ``;
+    return { __html: text };
+};
+
+export default Abuse;

src/components/Modals/HelpTexts/AZAvereContributor/General.jsx

@@ -0,0 +1,6 @@
+const General = (sourceName, sourceType, targetName, targetType) => {
+    let text = `Any principal granted the Avere Contributor role, scoped to the affected VM, can reset the built-in administrator password on the VM.`;
+    return { __html: text };
+};
+
+export default General;

src/components/Modals/HelpTexts/AZAvereContributor/Opsec.jsx

@@ -0,0 +1,6 @@
+const Opsec = () => {
+    let text = `Azure will log each password reset event, including who performed the reset, against which account, and at what date and time.`;
+    return { __html: text };
+};
+
+export default Opsec;

src/components/Modals/HelpTexts/AZAvereContributor/References.jsx

@@ -0,0 +1,8 @@
+const References = () => {
+    let text = `<a href="https://attack.mitre.org/tactics/TA0008/">ATT&CK T0008: Lateral Movement</a>
+    <a href="https://attack.mitre.org/techniques/T1021/">ATT&CK T1021: Remote Services</a>
+    <a href="https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#avere-contributor">Microsoft Docs - Avere Contributor</a>`;
+    return { __html: text };
+};
+
+export default References;

src/components/Modals/HelpTexts/AZExecuteCommand/AZExecuteCommand.jsx

@@ -0,0 +1,57 @@
+import React from 'react';
+import PropTypes from 'prop-types';
+import { Tabs, Tab } from 'react-bootstrap';
+import General from './General';
+import Abuse from './Abuse';
+import Opsec from './Opsec';
+import References from './References';
+
+const AZExecuteCommand = ({
+    sourceName,
+    sourceType,
+    targetName,
+    targetType,
+}) => {
+    return (
+        <Tabs defaultActiveKey={1} id='help-tab-container' justified>
+            <Tab
+                eventKey={1}
+                title='Info'
+                dangerouslySetInnerHTML={General(
+                    sourceName,
+                    sourceType,
+                    targetName,
+                    targetType
+                )}
+            />
+            <Tab
+                eventKey={2}
+                title='Abuse Info'
+                dangerouslySetInnerHTML={Abuse(
+                    sourceName,
+                    sourceType,
+                    targetName,
+                    targetType
+                )}
+            />
+            <Tab
+                eventKey={3}
+                title='Opsec Considerations'
+                dangerouslySetInnerHTML={Opsec()}
+            />
+            <Tab
+                eventKey={4}
+                title='References'
+                dangerouslySetInnerHTML={References()}
+            />
+        </Tabs>
+    );
+};
+
+AZExecuteCommand.propTypes = {
+    sourceName: PropTypes.string,
+    sourceType: PropTypes.string,
+    targetName: PropTypes.string,
+    targetType: PropTypes.string,
+};
+export default AZExecuteCommand;

src/components/Modals/HelpTexts/AZExecuteCommand/Abuse.jsx

@@ -0,0 +1,6 @@
+const Abuse = (sourceName, sourceType, targetName, targetType) => {
+    let text = ``;
+    return { __html: text };
+};
+
+export default Abuse;

src/components/Modals/HelpTexts/AZExecuteCommand/General.jsx

@@ -0,0 +1,8 @@
+import { groupSpecialFormat} from '../Formatter';
+
+const General = (sourceName, sourceType, targetName, targetType) => {
+    let text = ``;
+    return { __html: text };
+};
+
+export default General;

src/components/Modals/HelpTexts/AZExecuteCommand/Opsec.jsx

@@ -0,0 +1,6 @@
+const Opsec = () => {
+    let text = ``;
+    return { __html: text };
+};
+
+export default Opsec;

src/components/Modals/HelpTexts/AZExecuteCommand/References.jsx

@@ -0,0 +1,8 @@
+const References = () => {
+    let text = `
+    <a href="https://attack.mitre.org/tactics/TA0002/">MITRE: Execution</a>
+    <a href="https://blog.netspi.com/attacking-azure-with-custom-script-extensions/">Attacking Azure with custom script extensions</a>`;
+    return { __html: text };
+};
+
+export default References;