PowerZure is a PowerShell script written to assist in assessing Azure security. Functions are broken out into their context as well as the role needed to run them.
Help
Function | Description | Role |
---|---|---|
PowerZure -h | Diplays the help menu | Any |
Mandatory
Function | Description | Role |
---|---|---|
Set-Subscription | Sets the default Subscription to operate in | Reader |
Operational
Function | Description | Role |
---|---|---|
Create-Backdoor | Creates a Runbook that creates an Azure account and generates a Webhook to that Runbook | Administrator |
Execute-Backdoor | Executes the backdoor that is created with “Create-Backdoor”. Needs the URI generated from Create-Backdoor | Administrator |
Execute-Command | Executes a command on a specified VM | Contributor |
Execute-MSBuild | Executes MSBuild payload on a specified VM. By default, Azure VMs have .NET 4.0 installed. Will run as SYSTEM. | Contributor |
Execute-Program | Executes a supplied program. | Contributor |
Upload-StorageContent | Uploads a supplied file to a storage share. | Contributor |
Stop-VM | Stops a VM | Contributor |
Start-VM | Starts a VM | Contributor |
Restart-VM | Restarts a VM | Contributor |
Start-Runbook | Starts a specific Runbook | Contributor |
Set-Role | Sets a role for a specific user on a specific resource or subscription | Owner |
Remove-Role | Removes a user from a role on a specific resource or subscription | Owner |
Set-Group | Adds a user to a group | Administrator |
Information Gathering
Function | Description | Role |
---|---|---|
Get-CurrentUser | Returns the current logged in user name, their role + groups, and any owned objects | Reader |
Get-AllUsers | Lists all users in the subscription | Reader |
Get-User | Gathers info on a specific user | Reader |
Get-AllGroups | Lists all groups + info within Azure AD | Reader |
Get-Resources | Lists all resources in the subscription | Reader |
Get-Apps | Lists all applications in the subscription | Reader |
Get-GroupMembers | Gets all the members of a specific group. Group does NOT mean role. | Reader |
Get-AllGroupMembers | Gathers all the group members of all the groups. | Reader |
Get-AllRoleMembers | Gets all the members of all roles. Roles does not mean groups. | Reader |
Get-Roles | Lists the roles in the subscription | Reader |
Get-RoleMembers | Gets the members of a role | Reader |
Get-Sps | Returns all service principals | Reader |
Get-Sp | Returns all info on a specified service principal | Reader |
Get-Apps | Gets all applications and their Ids | Reader |
Get-AppPermissions | Returns the permissions of an app | Reader |
Get-WebApps | Gets running web apps | Reader |
Get-WebAppDetails | Gets running webapps details | Reader |
Secret Gathering
Function | Description | Role |
---|---|---|
Get-KeyVaults | Lists the Key Vaults | Reader |
Get-KeyVaultContents | Get the secrets from a specific Key Vault | Contributor |
Get-AllKeyVaultContents | Gets ALL the secrets from all Key Vaults. | Contributor |
Get-AppSecrets | Returns the application passwords or certificate credentials | Contributor |
Get-AllAppSecrets | Returns all application passwords or certificate credentials (If accessible) | Contributor |
Get-AllSecrets | Gets ALL the secrets from all Key Vaults and applications. | Contributor |
Get-AutomationCredentials | Gets the credentials from any Automation Accounts | Contributor |
Data Exfiltration
Function | Description | Role |
---|---|---|
Get-StorageAccounts | Gets all storage accounts | Reader |
Get-StorageAccountKeys | Gets the account keys for a storage account | Contributor |
Get-StorageContents | Gets the contents of a storage container or file share | Reader |
Get-Runbooks | Lists all the Runbooks | Reader |
Get-RunbookContent | Reads content of a specific Runbook | Reader |
Get-AvailableVMDisks | Lists the VM disks available. | Reader |
Get-VMDisk | Generates a link to download a Virtual Machiche’s disk. The link is only available for an hour. | Contributor |
Get-VMs | Lists available VMs | Reader |
Leave a Reply