MicroBurst
MicroBurst includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. It is intended to be used during penetration tests where Azure is in use.
Installation
Import-Module .\MicroBurst.psm1
dir -Recurse .\MicroBurst-master | Unblock-FileRecommended Modules to install:
- Az -
Install-Module -Name Az - AzureAd -
Install-Module -Name AzureAD - MSOnline -
Install-Module -Name MSOnline
If you haven’t configured the use of PowerShell Gallery, please look at PowerShell - Enable repository use
Examples
EnumerateAzureSubDomains
Enumeration script for Azure subdomains.
. .\InvokeEnumerateAzureSubDomains.ps1
Invoke-EnumerateAzureSubDomains -Base <TENANT NAME> -VerbosePS > Invoke-EnumerateAzureSubDomains -Base offsec -Verbose
VERBOSE: No permutations file found
VERBOSE: Found offsec.onmicrosoft.com
VERBOSE: Found offsec.mail.protection.outlook.com
VERBOSE: Found offsec.sharepoint.com
Subdomain Service
--------- -------
offsec.mail.protection.outlook.com Email
offsec.onmicrosoft.com Microsoft Hosted Domain
offsec.sharepoint.com SharePointURL List
Related blogs
- A Beginners Guide to Gathering Azure Passwords
- Anonymously Enumerating Azure Services
- Anonymously Enumerating Azure File Resources
- Get-AzurePasswords: Exporting Azure RunAs Certificates for Persistence
- Using Azure Automation Accounts to Access Key Vaults
- Running PowerShell on Azure VMs at Scale
- Maintaining Azure Persistence via Automation Accounts
- Decrypting Azure VM Extension Settings with Get-AzureVMExtensionSettings
- Attacking Azure with Custom Script Extensions
- Lateral Movement in Azure App Services
- Get-AzPasswords: Encrypting Automation Password Data
- Azure Privilege Escalation Using Managed Identities
- Giving Azure a REST – Expanding REST API Capabilities
- Azure Persistence with Desired State Configurations