wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-06 04:36:06 +02:00
Code Issues Releases Activity

Merge pull request #600 from CravateRouge/patch-6 

Add application endpoint enumeration
This commit is contained in:
Swissky 2022-11-07 12:28:04 +01:00 committed by GitHub
parent e5ea12a3ca 95e989f5a1
commit b7f6f72d09
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Methodology and Resources/Cloud - Azure Pentest.md
View File

@ -948,12 +948,19 @@ cat <PATH TO .json FILE> | Select-String password
```powershell
# Enumerate application that have Proxy
PS C:\Tools> Get-AzureADApplication | %{try{GetAzureADApplicationProxyApplication -ObjectId $_.ObjectID;$_.DisplayName;$_.ObjectID}catch{}}
PS C:\Tools> Get-AzureADApplication -All $true | %{try{GetAzureADApplicationProxyApplication -ObjectId $_.ObjectID;$_.DisplayName;$_.ObjectID}catch{}}
PS C:\Tools> Get-AzureADServicePrincipal -All $true | ?{$_.DisplayName -eq "Finance Management System"}
PS C:\Tools> . C:\Tools\GetApplicationProxyAssignedUsersAndGroups.ps1
PS C:\Tools> Get-ApplicationProxyAssignedUsersAndGroups -ObjectId <OBJECT-ID>
```
## Application Endpoint
```powershell
# Enumerate possible endpoints for applications starting/ending with PREFIX
PS C:\Tools> Get-AzureADServicePrincipal -All $true -Filter "startswith(displayName,'PREFIX')" | % {$_.ReplyUrls}
PS C:\Tools> Get-AzureADApplication -All $true -Filter "endswith(displayName,'PREFIX')" | Select-Object ReplyUrls,WwwHomePage,HomePage
```
## Conditional Access
* Bypassing conditional access by copying User-Agent (Chrome Dev Tool > Select iPad Pro, etc)