Azure
Before you start
Install AADInternals as it provides useful cmdlets to interact with Azure.
Import-Module AADInternals
Recon
First, check if the Azure domain exists.
wget https://login.microsoftonline.com/$DomainName/.well-known/openid-configuration
# This one does not validate that the username exists, only the domain.
wget "https://login.microsoftonline.com/getuserrealm.srf?login=$Username@$DomainName"
# Using AADInternals.
Get-AADIntTenantID -Domain $DomainName
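The two lookups above return JSON, and the reply is what tells you whether the domain is registered. The sketch below is an added example, not part of the original page or of AADInternals; it reads both replies, which is also a quick way to confirm what your own tenant discloses to unauthenticated callers. The function names are hypothetical and the sample bodies are constructed (all-zero GUID, example.com); only the field names follow the endpoints' replies.

```powershell
# Added example: interpret the replies of the two unauthenticated lookups.
# Sample bodies are constructed; the GUID and domains are placeholders.

function Get-TenantIdFromOpenIdConfig {
    param([Parameter(Mandatory)][string]$Json)
    $guidRx = '[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}'
    $doc = $Json | ConvertFrom-Json
    # An unregistered domain yields an error document instead of metadata.
    if ($doc.error) { return $null }
    # The tenant GUID is embedded in the issuer and token_endpoint URLs.
    foreach ($field in 'issuer', 'token_endpoint') {
        if ($doc.$field -match $guidRx) { return $Matches[0] }
    }
    return $null
}

function Get-RealmSummary {
    param([Parameter(Mandatory)][string]$Json)
    $doc = $Json | ConvertFrom-Json
    [pscustomobject]@{
        Domain = $doc.DomainName
        Type   = $doc.NameSpaceType
        # "Unknown" means the domain is not registered in any tenant.
        Exists = ($doc.NameSpaceType -in @('Managed', 'Federated'))
        Brand  = $doc.FederationBrandName
    }
}

# Constructed openid-configuration bodies (registered / not registered).
$openIdFound   = '{"issuer":"https://sts.windows.net/00000000-0000-0000-0000-000000000000/",' +
                 '"token_endpoint":"https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/token"}'
$openIdMissing = '{"error":"invalid_tenant","error_description":"constructed sample text"}'

# Constructed getuserrealm.srf bodies (managed domain / unknown domain).
$realmManaged = '{"Login":"user@example.com","DomainName":"example.com",' +
                '"NameSpaceType":"Managed","FederationBrandName":"Example"}'
$realmUnknown = '{"Login":"user@example.invalid","NameSpaceType":"Unknown"}'

Get-TenantIdFromOpenIdConfig -Json $openIdFound
Get-TenantIdFromOpenIdConfig -Json $openIdMissing
Get-RealmSummary -Json $realmManaged
Get-RealmSummary -Json $realmUnknown
```

When fetching live, the error document for an unregistered domain arrives with a non-success HTTP status, which Invoke-WebRequest raises as an error, so wrap the request in try/catch before parsing.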
Without an account
Privilege escalation
Once you are authenticated on an Azure tenant, start by enumerating it before going through the following attacks.
Useful links
- MSPortals.io to get the list of Microsoft administrator sites, training, and licensing resources.