From b782a5ebb83167bc0c886067f3e09fb255be9e4d Mon Sep 17 00:00:00 2001 From: Jacob H <99051071+Jacob-Ham@users.noreply.github.com> Date: Sun, 18 Jan 2026 09:50:01 -0600 Subject: [PATCH 1/2] Added azure rest command for webhook creation. Clarified commands for creating webhooks in Azure Automation by adding the Azure CLI REST method. --- .../az-automation-accounts-privesc.md | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md index 18e12a440b..a0ab775370 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md @@ -154,13 +154,29 @@ az rest --method PUT \ ### `Microsoft.Automation/automationAccounts/webhooks/write` -With the permission **`Microsoft.Automation/automationAccounts/webhooks/write`** it's possible to create a new Webhook for a Runbook inside an Automation Account using the following command. +With the permission **`Microsoft.Automation/automationAccounts/webhooks/write`** it's possible to create a new Webhook for a Runbook inside an Automation Account using one of the following commands. +With Azure Powershell: ```bash New-AzAutomationWebHook -Name -ResourceGroupName -AutomationAccountName -RunbookName -IsEnabled $true ``` -This command should return a webhook URI which is only displayed on creation. Then, to call the runbook using the webhook URI +With AzureCLI and REST: +```bash +az rest --method put \ + --uri "https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Automation/automationAccounts//webhooks/{webhook-name}?api-version=2015-10-31" \ + --body '{ + "name": "", + "properties": { + "isEnabled": true, + "expiryTime": "2027-12-31T23:59:59+00:00", + "runbook": { + "name": "" + } + } + }' +``` +These commands should return a webhook URI which is only displayed on creation. Then, to call the runbook using the webhook URI ```bash curl -X POST "https://f931b47b-18c8-45a2-9d6d-0211545d8c02.webhook.eus.azure-automation.net/webhooks?token=Ts5WmbKk0zcuA8PEUD4pr%2f6SM0NWydiCDqCqS1IdzIU%3d" \ From 9d5350dc2ebcfa9c2bb9ddd55de2953c46710126 Mon Sep 17 00:00:00 2001 From: Jacob H <99051071+Jacob-Ham@users.noreply.github.com> Date: Sun, 18 Jan 2026 10:14:15 -0600 Subject: [PATCH 2/2] Added runOn key for hybrid worker. Updated az rest command to specify hybrid worker with runOn --- .../az-privilege-escalation/az-automation-accounts-privesc.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md index a0ab775370..12021efe19 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-automation-accounts-privesc.md @@ -164,12 +164,13 @@ New-AzAutomationWebHook -Name -ResourceGroupName -Aut With AzureCLI and REST: ```bash az rest --method put \ - --uri "https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Automation/automationAccounts//webhooks/{webhook-name}?api-version=2015-10-31" \ + --uri "https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Automation/automationAccounts//webhooks/?api-version=2015-10-31" \ --body '{ "name": "", "properties": { "isEnabled": true, "expiryTime": "2027-12-31T23:59:59+00:00", + "runOn": "", "runbook": { "name": "" }