Authenticated enumeration
User credentials
Az PowerShell
Initial connection.
$UserPassword = ConvertTo-SecureString '<password>' -AsPlainText -Force
$UserCredential = New-Object System.Management.Automation.PSCredential ("<user>@<tenant-name>.onmicrosoft.com", $UserPassword)
Connect-AzAccount -Credential $UserCredential -Tenant "<tenant>"
General enumeration.
Get-AzResource
Get-AzResourceGroup
Get-AzWebApp
Get-AzFunctionApp
Get-AzKeyVault
Get-AzStorageAccount
Get-AzRoleAssignment -SignInName <user>
SQL Server enumeration.
Get-AzSqlServer
$SQLServers = Get-AzSqlServer
foreach($SQLServer in $SQLServers){
Get-AzSqlDatabase -ServerName $SQLServer.ServerName -ResourceGroupName $SQLServer.ResourceGroupName
}
Cosmos DB enumeration.
$ResourceGroups = (Get-AzResourceGroup).ResourceGroupName
foreach($ResourceGroup in $ResourceGroups){
Get-AzCosmosDBAccount -ResourceGroupName $ResourceGroup -ErrorAction SilentlyContinue
}
AzureAD
Get the Tenant ID.
$UserPassword = ConvertTo-SecureString '<password>' -AsPlainText -Force
$UserCredential = New-Object System.Management.Automation.PSCredential ("<user>@<tenant>.onmicrosoft.com", $UserPassword)
Connect-AzureAD -Credential $UserCredential
General enumeration.
Get-AzureADUser
Get-AzureADUser -SearchString "<search-string>"
Service principal credentials
Az PowerShell
Initial connection.
$Password = ConvertTo-SecureString '<client-secret>' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential("<service-principal-application-ID>", $Password)
Connect-AzAccount -ServicePrincipal -Credential $Credential -Tenant "<tenant>"
General enumeration.
Get-AzADApplication
Get-AzADServicePrincipal -ApplicationId "<application-ID>"
Enumerate all objects the service principal owns.
$GraphToken = (Get-AzAccessToken -ResourceUrl https://graph.microsoft.com).Token
$Params = @{
"URI" = "https://graph.microsoft.com/v1.0/servicePrincipals/<service-principal-object-ID>/ownedObjects"
"Method" = "GET"
"Headers" = @{
"Authorization" = "Bearer $GraphToken"
"Content-Type" = "application/json"
}
}
$Result = Invoke-RestMethod @Params -UseBasicParsing
$Result.value
Enumerate all app roles assigned to a service principal.
$GraphToken = (Get-AzAccessToken -ResourceUrl https://graph.microsoft.com).Token
$Params = @{
"URI" = "https://graph.microsoft.com/v1.0/servicePrincipals/<service-principal-object-ID>/appRoleAssignments"
"Method" = "GET"
"Headers" = @{
"Authorization" = "Bearer $GraphToken"
"Content-Type" = "application/json"
}
}
$RoleAssignments = Invoke-RestMethod @Params -UseBasicParsing
$RoleAssignments.value
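The two Graph calls above read only the first page of results and return raw appRoleId GUIDs. The following added example (not code from the original page) follows @odata.nextLink until every page has been read and resolves each appRoleId to its permission name so the grants can be reviewed; it assumes an existing Connect-AzAccount session, and <service-principal-object-ID> is a placeholder.

```powershell
# Added example: audit the app roles granted to a service principal, following
# Graph pagination and resolving appRoleId -> permission name. Assumes an
# existing Connect-AzAccount session; <service-principal-object-ID> is a placeholder.
function Get-SpAppRoleAudit {
    param([Parameter(Mandatory)][string]$ServicePrincipalObjectId)

    $token = (Get-AzAccessToken -ResourceUrl https://graph.microsoft.com).Token
    # Newer Az versions return the token as a SecureString; normalise to plain text
    if ($token -is [System.Security.SecureString]) {
        $token = [System.Net.NetworkCredential]::new('', $token).Password
    }
    $headers = @{ 'Authorization' = "Bearer $token" }
    $base    = 'https://graph.microsoft.com/v1.0'

    # Follow @odata.nextLink until the last page has been read
    function Get-AllPages([string]$Uri) {
        $items = @()
        while ($Uri) {
            $page  = Invoke-RestMethod -Uri $Uri -Method GET -Headers $headers
            $items += $page.value
            $Uri   = $page.'@odata.nextLink'
        }
        return $items
    }

    $assignments = Get-AllPages "$base/servicePrincipals/$ServicePrincipalObjectId/appRoleAssignments"

    # Cache each resource SP's appRoles so the id -> name lookup happens once per API
    $roleCache = @{}
    foreach ($a in $assignments) {
        if (-not $roleCache.ContainsKey($a.resourceId)) {
            $resource = Invoke-RestMethod -Uri "$base/servicePrincipals/$($a.resourceId)?`$select=appRoles" -Headers $headers
            $roleCache[$a.resourceId] = @{}
            foreach ($r in $resource.appRoles) { $roleCache[$a.resourceId][$r.id] = $r.value }
        }
        # The all-zero appRoleId means "default access" and has no named role
        $name = $roleCache[$a.resourceId][$a.appRoleId]
        if (-not $name) { $name = '(default access)' }
        [pscustomobject]@{
            Resource   = $a.resourceDisplayName
            Permission = $name
            # Tenant-wide or write permissions are the ones worth reviewing first
            HighImpact = ($name -match '\.All$|ReadWrite')
            Granted    = $a.createdDateTime
        }
    }
}

Get-SpAppRoleAudit -ServicePrincipalObjectId '<service-principal-object-ID>' | Format-Table
```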