mirror of
				https://github.com/HackTricks-wiki/hacktricks.git
				synced 2025-10-10 18:36:50 +00:00 
			
		
		
		
	GITBOOK-4453: No subject
This commit is contained in:
		
							parent
							
								
									1223cf32e1
								
							
						
					
					
						commit
						10ff486190
					
				| @ -482,26 +482,13 @@ Most of the time, you want a token for one of these resources: | ||||
| echo $IDENTITY_HEADER | ||||
| echo $IDENTITY_ENDPOINT | ||||
| 
 | ||||
| # You should also be able to find the folder: | ||||
| # (Fingerprint) You should also be able to find the folder: | ||||
| ls /opt/microsoft | ||||
| #and the file | ||||
| ls /opt/microsoft/msodbcsql17 | ||||
| 
 | ||||
| # Get management token | ||||
| curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER | ||||
| curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2019-08-01" -H X-IDENTITY-HEADER:$IDENTITY_HEADER | ||||
| # Get graph token | ||||
| curl "$IDENTITY_ENDPOINT?resource=https://graph.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER | ||||
| 
 | ||||
| # API | ||||
| # Get Subscriptions | ||||
| URL="https://management.azure.com/subscriptions?api-version=2020-01-01" | ||||
| curl -H "Authorization: $TOKEN" "$URL" | ||||
| # Get current permission on resources in the subscription | ||||
| URL="https://management.azure.com/subscriptions/<subscription-uid>/resources?api-version=2020-10-01'" | ||||
| curl -H "Authorization: $TOKEN" "$URL" | ||||
| # Get permissions in a VM | ||||
| URL="https://management.azure.com/subscriptions/<subscription-uid>/resourceGroups/Engineering/providers/Microsoft.Compute/virtualMachines/<VM-name>/providers/Microsoft.Authorization/permissions?api-version=2015-07-01" | ||||
| curl -H "Authorization: $TOKEN" "$URL" | ||||
| curl "$IDENTITY_ENDPOINT?resource=https://graph.azure.com/&api-version=2019-08-01" -H X-IDENTITY-HEADER:$IDENTITY_HEADER | ||||
| ``` | ||||
| 
 | ||||
| ```powershell | ||||
| @ -650,4 +637,3 @@ Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" d | ||||
| 
 | ||||
| </details> | ||||
| {% endhint %} | ||||
| 
 | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user