Extracting credentials from App Service

#azure #cloudsecurity #pentest

*Test at your own risk

1.Use the Get-AzPasswords function to perform a dump of credentials for App Service:

Get-AzPasswords -AutomationAccounts N -StorageAccounts N -Keys N -ACR N -CosmosDB N - Verbose | Out-GridView

2.When prompted to select an Azure subscription, select your test Azure subscription and click OK.

3.In the resulting output, you should see credentials that were dumped from the App service configurations.

Now that we have access to the app service publish profile, we will see how these credentials can be used with the application.

Reference
https://github.com/cheahengsoon/Penetration-Testing-Azure-for-Ethical-Hackers

Top comments (0)

This Month in Azure Static Web Apps | 08/2024

Glaucia Lemos - Sep 26

Publish Dacpac to Azure SQL with Entra-only authentication using GitHub Actions

Massimiliano Donini - Aug 23

What is a polyglot in Hacking

Mrhili Mohamed Amine - Sep 13

Let’s talk about some cool Azure AI Speech SDK/API Endpoint

femolacaster - Sep 24

DEV Community