hacktricks-cloud/pentesting-cloud/azure-security/az-persistence/az-vms-persistence.md

Az - VMs Persistence

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

VMs persistence

For more information about VMs check:

{% content-ref url="../az-services/vms/" %} vms {% endcontent-ref %}

Backdoor VM applications, VM Extensions & Images

An attacker identifies applications, extensions or images being frequently used in the Azure account, he could insert his code in VM applications and extensions so every time they get installed the backdoor is executed.

Backdoor Instances

An attacker could get access to the instances and backdoor them:

• Using a traditional rootkit for example
• Adding a new public SSH key (check EC2 privesc options)
• Backdooring the User Data

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}