hacktricks-cloud/src/pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-vms-unauth.md

Az - VMs Unauth

{{#include ../../../banners/hacktricks-training.md}}

Virtual Machines

For more info about Azure Virtual Machines check:

{{#ref}} ../az-services/vms/ {{#endref}}

Exposed vulnerable service

A network service that is vulnerable to some RCE.

Public Gallery Images

A public image might have secrets inside of it:

# List all community galleries
az sig list-community --output table

# Search by publisherUri
az sig list-community --output json --query "[?communityMetadata.publisherUri=='https://3nets.io']"

Public Extensions

This would be more weird but not impossible. A big company might put an extension with sensitive data inside of it:

# It takes some mins to run
az vm extension image list --output table

# Get extensions by publisher
az vm extension image list --publisher "Site24x7" --output table

{{#include ../../../banners/hacktricks-training.md}}