DEV Community

Eng Soon Cheah


Enumerating subscription information with MicroBurst

*Test at your own risk

1. In an authenticated Az module PowerShell session on your machine, import the MicroBurst module using the following commands. If you get a non-fatal error about MSOnline, you can ignore it: that module is not installed on the machine and is not used.

PS C:\> cd C:\Users\$env:USERNAME\MicroBurst
PS C:\> Import-Module .\MicroBurst.psm1

2. Create a folder to store the output of the function that we are about to run using the following command.

PS C:\> New-Item -Name "microburst-output" -ItemType "directory"

3. Run the MicroBurst function to enumerate the Azure subscription using the following command. When a window opens displaying the subscription, click OK to proceed.

PS C:\> Get-AzDomainInfo -Verbose -Folder microburst-output

The function writes the enumerated results as CSV and text files, which are stored in the specified output folder.

4. Open the output folder using the following command. This will open the microburst-output folder in File Explorer.

PS C:\> explorer microburst-output

You will see a single folder called Az in the opened view.

5. Review the contents of the files and folders specified as follows. The content contains the resource inventory collected by the function (you can open the CSV files with Visual Studio Code):

  • Az -> [subscription name] (in our case, our subscription is called Development, but this will be different for you) -> PublicIPs.csv
  • Az -> [subscription name] -> Resources
  • Az -> [subscription name] -> Virtual Machine

The information can be parsed to obtain external targets that are provisioned in the subscription (App Service applications, storage accounts, public IP addresses and domains). The information can then be used to target hosted services for vulnerability assessments or misconfigurations.

6. Review the contents of the files specified as follows. The content contains the user list collected by the function:

Az -> [subscription name] -> Users.csv

It holds useful information such as usernames, email addresses, and account type, which can be used to target credential guessing or phishing attacks.

7. Review the contents of the folder specified as follows. The content contains lists of privileged users collected by the function:

Az -> [subscription name] -> RBAC

These users can be targeted for credential theft attacks to escalate privileges.
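
Step 7 seen from the defender's side, as an added example that is not part of the original post or of MicroBurst: a PowerShell function that reviews role assignment rows and flags privileged roles held by individual users, by guest accounts, or at subscription-wide scope. The sample rows are constructed, and the column names are an assumption based on the properties that Get-AzRoleAssignment returns; check them against the headers of the CSV files in your own RBAC folder.

```powershell
# Constructed sample rows (not real output). Column names are ASSUMED to match
# Get-AzRoleAssignment properties; adjust them to the headers of your own files.
$sample = @'
DisplayName,SignInName,RoleDefinitionName,ObjectType,Scope
Alice Admin,alice@contoso.example,Owner,User,/subscriptions/00000000-0000-0000-0000-000000000000
Ops Team,,Contributor,Group,/subscriptions/00000000-0000-0000-0000-000000000000
Vendor Bob,bob_partner.example#EXT#@contoso.onmicrosoft.com,User Access Administrator,User,/subscriptions/00000000-0000-0000-0000-000000000000
Carol Dev,carol@contoso.example,Reader,User,/subscriptions/00000000-0000-0000-0000-000000000000
deploy-sp,,Contributor,ServicePrincipal,/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app
'@

# Hypothetical helper: returns one finding per privileged assignment, with the
# reasons it deserves a least-privilege review.
function Get-RbacReviewFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Assignment,
        [string[]] $PrivilegedRole = @('Owner', 'Contributor', 'User Access Administrator')
    )
    foreach ($a in $Assignment) {
        # Only roles that can change resources or grant access are of interest.
        if ($a.RoleDefinitionName -notin $PrivilegedRole) { continue }

        $reasons = @()
        if ($a.ObjectType -eq 'User')              { $reasons += 'assigned to an individual user, not a group' }
        if ($a.SignInName -like '*#EXT#*')         { $reasons += 'guest account' }
        if ($a.Scope -match '^/subscriptions/[^/]+$') { $reasons += 'subscription-wide scope' }

        [pscustomobject]@{
            Principal = if ($a.SignInName) { $a.SignInName } else { $a.DisplayName }
            Role      = $a.RoleDefinitionName
            Type      = $a.ObjectType
            Reasons   = $reasons -join '; '
        }
    }
}

# For real output, replace $rows with Import-Csv over the CSV files found in
# the RBAC folder of your own microburst-output directory.
$rows = $sample | ConvertFrom-Csv
Get-RbacReviewFinding -Assignment $rows |
    Where-Object Reasons |
    Format-Table -AutoSize -Wrap
```

Assignments that come back with several reasons, such as a guest holding a privileged role across the whole subscription, are the first candidates for removal or for a narrower scope.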

The MicroBurst function that we used, Get-AzDomainInfo, is a powerful authenticated enumeration tool. It does more than what we are able to review here. You can review the contents of the Az directory to see other enumerated output results.

Reference:
https://github.com/cheahengsoon/Penetration-Testing-Azure-for-Ethical-Hackers
