TheLazy.Dev
Portfolio GitHub

Blog

azure |cloudsecurity |pentest

Extracting credentials from App Service

cheahengsoon

Eng Soon Cheah

Posted on April 3, 2022

Extracting credentials from App Service

*Test at your own risk

1.Use the Get-AzPasswords function to perform a dump of credentials for App Service:

Get-AzPasswords -AutomationAccounts N -StorageAccounts N -Keys N -ACR N -CosmosDB N - Verbose | Out-GridView
Enter fullscreen mode Exit fullscreen mode

2.When prompted to select an Azure subscription, select your test Azure subscription and click OK.
Image description

3.In the resulting output, you should see credentials that were dumped from the App service configurations.
Image description
Now that we have access to the app service publish profile, we will see how these credentials can be used with the application.

Reference
https://github.com/cheahengsoon/Penetration-Testing-Azure-for-Ethical-Hackers

💖 💪 🙅 🚩
cheahengsoon
Eng Soon Cheah

Posted on April 3, 2022

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

Extracting credentials from App Service
azure Extracting credentials from App Service

April 3, 2022

Exfiltering VM disks using PowerZure
azure Exfiltering VM disks using PowerZure

April 2, 2022

Enumerating subscription information with MicroBurst
azure Enumerating subscription information with MicroBurst

April 2, 2022