Extracting credentials from App Service

#azure #cloudsecurity #pentest

*Test at your own risk

1.Use the Get-AzPasswords function to perform a dump of credentials for App Service:

Get-AzPasswords -AutomationAccounts N -StorageAccounts N -Keys N -ACR N -CosmosDB N - Verbose | Out-GridView

2.When prompted to select an Azure subscription, select your test Azure subscription and click OK.

3.In the resulting output, you should see credentials that were dumped from the App service configurations.

Now that we have access to the app service publish profile, we will see how these credentials can be used with the application.

Reference
https://github.com/cheahengsoon/Penetration-Testing-Azure-for-Ethical-Hackers

Top comments (0)

Access Microsoft 365 resources from custom on premise application

Kinga - Oct 29

Why Students Should Explore Microsoft Azure: The Cloud Platform for Your Future 🚀

Mahrukh Adeel - Oct 19

🚀 Azure DevOps vs GitHub Actions: A Comprehensive Guide with Examples & Performance Metrics ⚙️

Hamza Khan - Oct 15

user-defined type in Azure Bicep, an introduction

Olivier Miossec - Oct 14

DEV Community