mirror of
https://github.com/HackTricks-wiki/hacktricks.git
synced 2025-10-10 18:36:50 +00:00
a
This commit is contained in:
parent
0deabff36d
commit
b5b629f015
@ -349,9 +349,9 @@ curl http://169.254.169.254/metadata/v1.json | jq
|
||||
> [!TIP]
|
||||
> An Azure VM can have attached 1 system managed identity and several user managed identities. Which basically means that you can **impersonate all the managed identities attached to a VM**.
|
||||
>
|
||||
> By **default**, the metadata endpoint will use the **system assigned MI (if any)**.
|
||||
> When requesting an access token to the metadata endpoint, by default the metadata service will use the **system assigned managed identity** to generate the token, if there is any system assigned managed identity. In case there is just **ONE user assigned managed identity**, then this will be used by default. However, in case there is no system assigned managed identity and there are **multiple user assigned managed identities**, then the metadata service will return an error indicating that there are multiple managed identities and it's necessary to **specify which one to use**.
|
||||
>
|
||||
> Unfortunately I couldn't find any metadata endpoint indicating all the MIs a VM has attached.
|
||||
> Unfortunately I couldn't find any metadata endpoint indicating all the MIs a VM has attached, so finding out all the assigned managed identities to a VM could be a hard task from a Red Team perspective.
|
||||
>
|
||||
> Therefore, to find all the attached MIs you can do:
|
||||
>
|
||||
|
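Review bot: the rewritten default-identity paragraph ends with "it's necessary to **specify which one to use**" but never says how, so a reader who hits the multiple-identities error has no next step. Name the request parameter that selects an identity, or link to the section that shows it. In the same paragraph, "requesting an access token to the metadata endpoint" should read "from the metadata endpoint", and the first sentence names the system assigned managed identity twice, so the trailing "if there is any system assigned managed identity" can be shortened to "if one is attached". The statement that a single user assigned identity is used by default would benefit from a reference or a note that it was observed in testing. In the second changed line, "all the assigned managed identities to a VM" reads better as "all the managed identities assigned to a VM".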