- Published on
The challenge provides Client Credentials that are used to identify the Tenant ID, then using that to request an Access Token that we can use to authenticate and enumerate the API Permission assigned to the Application
Azure
All Posts
- machine (13)
- windows (11)
- active-directory (11)
- cyberwarfarelabs (7)
- cloud (7)
- genericall (4)
- gcp (3)
- esc1 (3)
azure (2)
- command-injection (2)
- ssrf (2)
- awscli (2)
- aws (2)
- linux (2)
- genericwrite (2)
- pass-back-attack (2)
- s4u2self (2)
- s4u2proxy (2)
- mssql (2)
- writeowner (2)
- shadow-credentials (2)
- pwn (1)
- malloc (1)
- pwnablexyz (1)
- gcloud-cli (1)
- lambda (1)
- testiampermissions (1)
- ms-graph (1)
- sqlpad (1)
- docker-jail (1)
- port-forwarding (1)
- chrome-pentest (1)
- froxlor (1)
- daloradius (1)
- mosh-server (1)
- forcechangepassword (1)
- pwsafe2john (1)
- dcsync (1)
- ansible2john (1)
- pwm (1)
- certificate-service-dcom-access (1)
- ldap-shell (1)
- schannel (1)
- rid-brute (1)
- sebackupprivilege (1)
- ntlm-relay (1)
- esc4 (1)
- time-skew (1)
- esc16 (1)
- dpapi-credentials (1)
- server-operators (1)
- reverse-engineering (1)
- rbcd (1)
- laps (1)
- pfx2john (1)
- ssl (1)
- readlapspassword (1)
- tombstone (1)
- readgmsapassword (1)
- writespn (1)
- kerberoast (1)
- addself (1)
- esc15 (1)
- Published on
The challenge is a webapp that has a Command Injection vulnerability, the goal is to exploit the vulnerability by making an internal request to the Azure instance and extract the access token to authenticate then retrieve the Azure Subscription ID which is the flag