4.8 KiB
Az - Enumeration Tools
{{#include ../../banners/hacktricks-training.md}}
Install PowerShell in Linux
Tip
In linux you will need to install PowerShell Core:
sudo apt-get update
sudo apt-get install -y wget apt-transport-https software-properties-common
# Ubuntu 20.04
wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
# Update repos
sudo apt-get update
sudo add-apt-repository universe
# Install & start powershell
sudo apt-get install -y powershell
pwsh
# Az cli
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
Install PowerShell in MacOS
Instructions from the documentation:
- Install
brewif not installed yet:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- Install the latest stable release of PowerShell:
brew install powershell/tap/powershell
- Run PowerShell:
pwsh
- Update:
brew update
brew upgrade powershell
Main Enumeration Tools
az cli
Azure Command-Line Interface (CLI) is a cross-platform tool written in Python for managing and administering (most) Azure and Entra ID resources. It connects to Azure and executes administrative commands via the command line or scripts.
Follow this link for the installation instructions¡.
Commands in Azure CLI are structured using a pattern of: az <service> <action> <parameters>
Debug | MitM az cli
Using the parameter --debug it's possible to see all the requests the tool az is sending:
az account management-group list --output table --debug
In order to do a MitM to the tool and check all the requests it's sending manually you can do:
{{#tabs }} {{#tab name="Bash" }}
export ADAL_PYTHON_SSL_NO_VERIFY=1
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
export HTTPS_PROXY="http://127.0.0.1:8080"
export HTTP_PROXY="http://127.0.0.1:8080"
# If this is not enough
# Download the certificate from Burp and convert it into .pem format
# And export the following env variable
openssl x509 -in ~/Downloads/cacert.der -inform DER -out ~/Downloads/cacert.pem -outform PEM
export REQUESTS_CA_BUNDLE=/Users/user/Downloads/cacert.pem
{{#endtab }}
{{#tab name="PS" }}
$env:ADAL_PYTHON_SSL_NO_VERIFY=1
$env:AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
$env:HTTPS_PROXY="http://127.0.0.1:8080"
$env:HTTP_PROXY="http://127.0.0.1:8080"
{{#endtab }} {{#endtabs }}
Az PowerShell
Azure PowerShell is a module with cmdlets for managing Azure resources directly from the PowerShell command line.
Follow this link for the installation instructions.
Commands in Azure PowerShell AZ Module are structured like: <Action>-Az<Service> <parameters>
Debug | MitM Az PowerShell
Using the parameter -Debug it's possible to see all the requests the tool is sending:
Get-AzResourceGroup -Debug
In order to do a MitM to the tool and check all the requests it's sending manually you can set the env variables HTTPS_PROXY and HTTP_PROXY according to the docs.
Microsoft Graph PowerShell
Microsoft Graph PowerShell is a cross-platform SDK that enables access to all Microsoft Graph APIs, including services like SharePoint, Exchange, and Outlook, using a single endpoint. It supports PowerShell 7+, modern authentication via MSAL, external identities, and advanced queries. With a focus on least privilege access, it ensures secure operations and receives regular updates to align with the latest Microsoft Graph API features.
Follow this link for the installation instructions.
Commands in Microsoft Graph PowerShell are structured like: <Action>-Mg<Service> <parameters>
Debug Microsoft Graph PowerShell
Using the parameter -Debug it's possible to see all the requests the tool is sending:
Get-MgUser -Debug
AzureAD Powershell
The Azure Active Directory (AD) module, now deprecated, is part of Azure PowerShell for managing Azure AD resources. It provides cmdlets for tasks like managing users, groups, and application registrations in Entra ID.
Tip
This is replaced by Microsoft Graph PowerShell
Follow this link for the installation instructions.
{{#include ../../banners/hacktricks-training.md}}