Azure Pentesting

Last modified: 2024-12-18

Install Azure CLI

To pentest Azure, we need to install the Azure CLI on our machine. See https://learn.microsoft.com/en-us/cli/azure/install-azure-cli for details.

Additionally, the Az PowerShell module is useful.

Import-Module -Name Az

Azure Blob Storage

Azure Blob Storage serves static files from URLs under https://<account>.blob.core.windows.net/.
If a container allows anonymous listing, we can enumerate the target storage by opening the following URLs in a browser:

# List the blobs in a container with their detailed properties
https://<account>.blob.core.windows.net/<container>?restype=container&comp=list

# Enumerate directories
https://<account>.blob.core.windows.net/<container>?restype=container&comp=list&delimiter=%2F

# Enumerate version information
https://<account>.blob.core.windows.net/<container>?restype=container&comp=list&include=versions
# Retrieve a specific version of a blob
https://<account>.blob.core.windows.net/<container>/example.txt?versionid=2021-09-20T12:34:56.789Z
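
As an added example (not from the original page), the following Python code parses a List Blobs response like the ones returned by the URLs above and separates current blobs from superseded versions, so a storage owner can review what a listable container exposes. The sample XML, the account and blob names, and the function name `summarize_listing` are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted responses, prefer defusedxml

# Constructed sample shaped like a List Blobs response; all names are made up.
# Assumption: only the current version carries <IsCurrentVersion>true</...>.
SAMPLE = """<EnumerationResults ServiceEndpoint="https://exampleacct.blob.core.windows.net/" ContainerName="web">
  <Blobs>
    <Blob><Name>index.html</Name><VersionId>2024-03-02T09:00:00.0000000Z</VersionId>
      <IsCurrentVersion>true</IsCurrentVersion>
      <Properties><Content-Length>512</Content-Length></Properties></Blob>
    <Blob><Name>settings.json</Name><VersionId>2024-01-10T08:00:00.0000000Z</VersionId>
      <Properties><Content-Length>2048</Content-Length></Properties></Blob>
    <Blob><Name>settings.json</Name><VersionId>2024-03-02T09:05:00.0000000Z</VersionId>
      <IsCurrentVersion>true</IsCurrentVersion>
      <Properties><Content-Length>96</Content-Length></Properties></Blob>
    <BlobPrefix><Name>backups/</Name></BlobPrefix>
  </Blobs>
  <NextMarker />
</EnumerationResults>"""


def summarize_listing(xml_text):
    """Return what a reader of this container listing can see."""
    root = ET.fromstring(xml_text)
    report = {"container": root.get("ContainerName"), "prefixes": [],
              "current": [], "old_versions": []}
    blobs = root.find("Blobs")
    for node in (blobs if blobs is not None else []):
        name = node.findtext("Name")
        if node.tag == "BlobPrefix":  # virtual directory from a delimiter listing
            report["prefixes"].append(name)
        elif node.tag == "Blob":
            size = int(node.findtext("Properties/Content-Length") or 0)
            version = node.findtext("VersionId")
            if version and node.findtext("IsCurrentVersion") != "true":
                # Superseded content that is still retrievable via ?versionid=
                report["old_versions"].append((name, version, size))
            else:
                report["current"].append((name, size))
    # A non-empty NextMarker means the listing continues on another page.
    report["truncated"] = bool((root.findtext("NextMarker") or "").strip())
    return report


if __name__ == "__main__":
    print(summarize_listing(SAMPLE))
```

Entries under `old_versions` deserve the closest review: overwriting or deleting a file does not remove earlier versions, so content removed from the current blob can remain readable.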

Active Directory

Resources: Microsoft Docs

# Get the signed-in user
Get-AzADUser -SignedIn

# List users
Get-AzADUser -First 10 -Select 'City' -AppendSelected