PowerZure – PowerShell Framework To Assess Azure Security


For a list of capabilities, their usage, and more, check out https://powerzure.readthedocs.io

What is PowerZure?

PowerZure is a PowerShell project created to assess and exploit resources within Microsoft’s cloud platform, Azure. PowerZure was created out of the need for a framework that can perform both reconnaissance and exploitation of Azure, AzureAD, and the associated resources.

CLI vs. Portal

A common question is why use PowerZure or the command line at all when you can just log in to the Azure web portal?

This is a fair question and, to be honest, you can accomplish 90% of the functionality in PowerZure by clicking around in the portal. However, by using the Azure PowerShell modules, you can perform tasks programmatically that are tedious in the portal, e.g. listing the groups a user belongs to. In addition, you gain the ability to programmatically upload exploits instead of tinkering around with the messy web UI. Finally, if you compromise a user who has used the PowerShell module for Azure before and are able to steal the accesstoken.json file, you can impersonate that user, which effectively bypasses multi-factor authentication.
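Because a cached token file stands in for the user's completed login, a defender will want to know where such files sit on a workstation and who is allowed to read them. The following is an added example, not code from PowerZure or its author; it assumes a Windows host, and the function name and the two extra file names besides accesstoken.json are assumptions to adjust for your environment.

```powershell
# Added example (not PowerZure code): inventory cached Azure token files on a
# Windows host you administer and show who is allowed to read each one.
# Assumed file names: 'accesstoken.json' is the name used in the text above;
# 'accessTokens.json' and 'TokenCache.dat' are other cache names to look for.
function Get-AzureTokenCacheExposure {
    [CmdletBinding()]
    param(
        [string]   $Root  = $HOME,
        [string[]] $Names = @('accesstoken.json', 'accessTokens.json', 'TokenCache.dat')
    )

    $read = [System.Security.AccessControl.FileSystemRights]::ReadData

    # -Force includes hidden folders; unreadable folders are skipped silently.
    Get-ChildItem -Path $Root -Recurse -File -Force -Include $Names -ErrorAction SilentlyContinue |
        ForEach-Object {
            $acl = Get-Acl -LiteralPath $_.FullName

            # Every principal holding an Allow ACE that includes read access.
            $readers = $acl.Access |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    ($_.FileSystemRights -band $read) -eq $read
                } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique

            [pscustomobject]@{
                Path    = $_.FullName
                Owner   = $acl.Owner
                # An old file means a login was cached and never cleared.
                AgeDays = [int]((Get-Date) - $_.LastWriteTime).TotalDays
                Readers = $readers -join '; '
            }
        }
}

Get-AzureTokenCacheExposure | Format-List
```

Any reader other than the owning user and the built-in administrative principals deserves a closer look, as does a cache file left behind on a shared or decommissioned machine.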

Why PowerShell?

Although the offensive security industry has seen a decline in PowerShell usage due to the advancements of defensive products and solutions, this project does not contain any malicious code. PowerZure does not exploit bugs within Azure; it exploits misconfigurations.

C# was also explored for creating this project but there were two main problems:

  1. There were at least four different APIs being used for the project: MSOL, Azure REST, Azure SDK, Graph.

  2. The documentation for these APIs simply was too poor to continue. Entire methods missing, namespaces typo’d, and other issues begged the question of what advantage C# gave over PowerShell (Answer: none)

Realistically, there is zero reason to ever run PowerZure on a victim’s machine. Authentication is done by using an existing accesstoken.json file or by logging in via prompt when logging into Azure CLI.

Requirements

The “Az” Azure PowerShell module is the primary module used in PowerZure, as it handles most requests interacting with Azure resources. The Az module interacts using the Azure REST API.

The AzureAD PowerShell module is also used and is for handling AzureAD requests. The AzureAD module uses the Microsoft Graph API.

Creator

Author: Ryan Hausknecht (@haus3c)
