Gathering Subscription access information with PowerZure

This content originally appeared on DEV Community and was authored by Eng Soon Cheah

*Test at your own risk

1. In a PowerShell session on your machine that is already authenticated with the Az PowerShell module, download PowerZure with the following commands:

PS C:\> cd C:\Users\$env:USERNAME
PS C:\> git clone https://github.com/hausec/PowerZure.git

Output: (screenshot)

2. Import the PowerZure module into your PowerShell session with the commands shown in the screenshot. If you are prompted to install the Azure AD module, type Y and press Enter, then close and re-open the PowerShell console:
(screenshot)

3. If you installed the Azure AD module, open a new PowerShell session and use the following commands to re-import PowerZure into the console:

PS C:\> cd C:\Users\$env:USERNAME\PowerZure
PS C:\> Import-Module .\PowerZure.ps1

After the module is imported, PowerZure lists the current user's role (Reader in this case) and the subscriptions available to that user. This is useful reconnaissance information:

  • AADRoles: Shows the role that the current user is assigned in Azure AD.
  • AzureRoles: Shows the Azure RBAC role assignments and scopes for the user.
  • Available Subscriptions: Shows the subscriptions that the user has some level of permission to. This information is useful to see whether there are opportunities to move laterally to other subscriptions using this user account.
(screenshot)

4. To see a list of all the functions available in PowerZure, run the command shown in the screenshot:
(screenshot)

5. Part of enumerating the attack surface is determining the actual access that a credential has and its level of access (read/write/execute). PowerZure has a function called Get-AzureTargets that we can use for this purpose: it compares the user's role assignments against the Azure scopes they apply to in order to make this determination. You can run the function with the command shown in the screenshot:
(screenshot)
While the Get-AzureTargets function of PowerZure is a great way to understand the scope of access that a user has and the resources they have access to, MicroBurst also collects this information into flat files for the review of an entire subscription. Each tool has its own benefits, and different situations will call for different tools.
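As an added example (not code from the original post or from PowerZure), the same role-to-scope determination can be reproduced with plain Az cmdlets, which is handy for auditing an account's assignments or checking PowerZure's output against the module itself. It assumes an existing Connect-AzAccount session that can look up its own role assignments; the read/write/execute classification is a heuristic on each role definition's Actions list and ignores NotActions.

```powershell
# Added example, not code from the original post or from PowerZure.
# Lists every RBAC assignment the signed-in account holds across all subscriptions
# it can see, and estimates the access level of each from the role definition.
# Assumes an authenticated Az session (Connect-AzAccount) already exists.

function Get-AzAccessSummary {
    param(
        # Sign-in name to audit; defaults to the account of the current Az context.
        [string]$SignInName = (Get-AzContext).Account.Id
    )

    foreach ($sub in Get-AzSubscription) {
        # Role assignments are read per subscription, so switch the context each time.
        $null = Set-AzContext -SubscriptionId $sub.Id

        $assignments = Get-AzRoleAssignment -SignInName $SignInName -ErrorAction SilentlyContinue
        foreach ($ra in $assignments) {
            $def     = Get-AzRoleDefinition -Name $ra.RoleDefinitionName
            $actions = @($def.Actions) + @($def.DataActions)

            # Heuristic classification of the role definition (NotActions are ignored):
            #   Read    - every allowed operation ends in "/read"
            #   Write   - at least one allowed operation is not a read (".../write", "Microsoft.Compute/*")
            #   Execute - an operation ends in "/action", or a wildcard ("*" or ".../*") covers actions
            $level = 'Read'
            if ($actions | Where-Object { $_ -notmatch '/read$' }) { $level = 'Write' }
            if ($actions | Where-Object { $_ -match '/action$' -or $_ -match '(^|/)\*$' }) { $level += '+Execute' }

            [pscustomobject]@{
                Subscription = $sub.Name
                Scope        = $ra.Scope
                Role         = $ra.RoleDefinitionName
                Custom       = $def.IsCustom
                Level        = $level
            }
        }
    }
}

# One row per assignment; a "Write+Execute" row at a broad scope is the first thing to review.
Get-AzAccessSummary | Sort-Object Subscription, Scope | Format-Table -AutoSize
```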

Reference:
https://github.com/PacktPublishing/Penetration-Testing-Azure-for-Ethical-Hackers
