Az - Cloud Shell

{% hint style="success" %} Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Azure Cloud Shell

Azure Cloud Shell is an interactive, authenticated, browser-accessible terminal designed for managing Azure resources, offering the flexibility to work with either Bash or PowerShell. It runs on a temporary, per-session host that times out after 20 minutes of inactivity, while persisting files in the $HOME location using a 5-GB file share. Cloud Shell can be accessed through multiple points, including the Azure portal, shell.azure.com, Azure CLI and PowerShell documentation, the Azure mobile app, and the Visual Studio Code Azure Account extension.

No permissions are assigned to this service, therefore there aren't privilege escalation techniques. Also, there isn't any kind of enumeration.

Key Features

Environment: Azure Cloud Shell provides a secure environment by running on Azure Linux, Microsoft’s own Linux distribution designed for cloud infrastructure. All packages included in the Azure Linux repository are internally compiled by Microsoft to guard against supply chain attacks.

Preinstalled Tools: Cloud Shell includes a comprehensive set of preinstalled tools such as Azure CLI, Azure PowerShell, Terraform, Docker CLI, Ansible, Git, and text editors like vim, nano, and emacs. These tools are ready to use. To list the installed packages and modules you can use "Get-Module -ListAvailable", "tdnf list" and "pip3 list".

$HOME persistence: When starting Azure Cloud Shell for the first time, you can use it with or without an attached storage account. Choosing not to attach storage creates an ephemeral session where files are deleted when the session ends. To persist files across sessions, mount a storage account, which attaches automatically as $HOME\clouddrive, with your $HOME directory saved as an .img file in Azure File Share. However, files outside $HOME and machine states are not persisted. For securely storing secrets like SSH keys, use Azure Key Vault.

Azure drive (Azure:): PowerShell in Azure Cloud Shell includes the Azure drive (Azure:), which allows easy navigation of Azure resources like Compute, Network, and Storage using filesystem-like commands. Switch to the Azure drive with cd Azure: and return to your home directory with cd ~. You can still use Azure PowerShell cmdlets to manage resources from any drive.

Custom Tool Installation: Users who configure Cloud Shell with a storage account can install additional tools that do not require root permissions. This feature allows for further customization of the Cloud Shell environment, enabling users to tailor their setup to their specific needs.
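Because $HOME persists and custom tools are installed without root, any executable under $HOME that is on PATH carries over between sessions and does not come from the Azure Linux repository. The following script is an added example (not part of the original page) that a Cloud Shell user can run in Bash to review those tools. The function names are hypothetical, and treating the presence of a `clouddrive` directory as the sign of an attached storage account is an assumption.

```bash
#!/usr/bin/env bash
# Added example: review which tools on PATH live in the persisted $HOME
# rather than in the Cloud Shell image. Function names are hypothetical.

# Print "persistent" when <home>/clouddrive exists (assumed indicator of an
# attached storage account), otherwise "ephemeral".
session_storage_mode() {
  local home_dir="${1:-$HOME}"
  if [ -d "$home_dir/clouddrive" ]; then
    echo persistent
  else
    echo ephemeral
  fi
}

# Print every executable file found in PATH directories located under home_dir.
# Args: home_dir (default $HOME), path_string (default $PATH)
home_executables() {
  local home_dir="${1:-$HOME}"
  local path_string="${2:-$PATH}"
  local dir f
  local IFS=':'
  for dir in $path_string; do
    case "$dir" in
      "$home_dir"|"$home_dir"/*) ;;   # PATH entry is inside the persisted home
      *) continue ;;                  # image-provided location, skip
    esac
    [ -d "$dir" ] || continue         # PATH may list directories that do not exist
    for f in "$dir"/*; do
      if [ -f "$f" ] && [ -x "$f" ]; then
        printf '%s\n' "$f"
      fi
    done
  done
  return 0
}

echo "storage mode: $(session_storage_mode)"
echo "executables on PATH under \$HOME:"
home_executables
```

Compare the output between sessions: a new entry means something was installed into the persisted home since the last review.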

Persistence

{% content-ref url="../az-privilege-escalation/az-cloud-shell-persistence.md" %} az-cloud-shell-persistence.md {% endcontent-ref %}