Az - VMs & Network Post Exploitation


VMs & Network

For more information about Azure VMs and networking, check the following page:

Az - Virtual Machines & Network

VM Application Pivoting

VM applications can be shared with other subscriptions and tenants. If an application is being shared, it is probably because it is being used. So, if an attacker manages to compromise the application and upload a backdoored version, it may end up being executed in another tenant or subscription.

Sensitive information in images

It might be possible to find sensitive information inside images taken from VMs in the past.

  1. List images from galleries
```bash
# Get galleries
az sig list -o table

# List images inside gallery
az sig image-definition list \
--resource-group <RESOURCE_GROUP> \
--gallery-name <GALLERY_NAME> \
-o table

# Get images versions
az sig image-version list \
--resource-group <RESOURCE_GROUP> \
--gallery-name <GALLERY_NAME> \
--gallery-image-definition <IMAGE_DEFINITION> \
-o table
```
  2. List custom images
```bash
az image list -o table
```
  3. Create a VM from an image ID and search for sensitive information inside it
```bash
# Create VM from image
az vm create \
--resource-group <RESOURCE_GROUP> \
--name <VM_NAME> \
--image /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Compute/galleries/<GALLERY_NAME>/images/<IMAGE_DEFINITION>/versions/<IMAGE_VERSION> \
--admin-username <ADMIN_USERNAME> \
--generate-ssh-keys
```

Sensitive information in restore points

It might be possible to find sensitive information inside restore points.

  1. List restore points
```bash
az restore-point list \
--resource-group <RESOURCE_GROUP> \
--restore-point-collection-name <COLLECTION_NAME> \
-o table
```
  2. Create a disk from a restore point
```bash
az disk create \
--resource-group <RESOURCE_GROUP> \
--name <NEW_DISK_NAME> \
--source /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Compute/restorePointCollections/<COLLECTION_NAME>/restorePoints/<RESTORE_POINT_NAME>
```
  3. Attach the disk to a VM (the attacker needs to have already compromised a VM inside the account)
```bash
az vm disk attach \
--resource-group <RESOURCE_GROUP> \
--vm-name <VM_NAME> \
--name <DISK_NAME>
```
  4. Mount the disk and search for sensitive information
```bash
# List all available disks
sudo fdisk -l

# Check disk format
sudo file -s /dev/sdX

# Mount it
sudo mkdir /mnt/mydisk
sudo mount /dev/sdX1 /mnt/mydisk
```

Sensitive information in disks & snapshots

It might be possible to find sensitive information inside disks or even old disk snapshots.

  1. List snapshots
```bash
az snapshot list \
--resource-group <RESOURCE_GROUP> \
-o table
```
  2. Create a disk from the snapshot (if needed)
```bash
az disk create \
--resource-group <RESOURCE_GROUP> \
--name <DISK_NAME> \
--source <SNAPSHOT_ID> \
--size-gb <DISK_SIZE>
```
  3. Attach and mount the disk on a VM and search for sensitive information (see the previous section for how to do this)
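
From the defender's side, the same snapshot inventory shows which old snapshots should be deleted or locked down before someone else copies them. The script below is an added example, not part of the original page: it assumes input shaped like `az snapshot list -o json`, runs on constructed sample records, and the name `audit_snapshots` and the 90-day threshold are illustrative assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `az snapshot list -o json` output (not real resources).
SAMPLE = json.loads("""
[
  {"name": "web01-os-2021", "resourceGroup": "rg-prod", "timeCreated": "2021-03-02T10:15:00+00:00",
   "networkAccessPolicy": "AllowAll", "publicNetworkAccess": "Enabled"},
  {"name": "db01-data-recent", "resourceGroup": "rg-prod", "timeCreated": "2024-05-20T08:00:00+00:00",
   "networkAccessPolicy": "DenyAll", "publicNetworkAccess": "Disabled"},
  {"name": "jump-os-old", "resourceGroup": "rg-mgmt", "timeCreated": "2022-11-11T00:00:00+00:00",
   "networkAccessPolicy": "AllowPrivate", "publicNetworkAccess": "Disabled"}
]
""")

MAX_AGE_DAYS = 90  # assumption: retention threshold, replace with your own policy
FIXED_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample run is repeatable


def audit_snapshots(snapshots, now, max_age_days=MAX_AGE_DAYS):
    """Return {snapshot name: [findings]} for snapshots that need review."""
    report = {}
    for snap in snapshots:
        findings = []
        # Keep only the seconds-resolution prefix; Azure timestamps are UTC.
        created = datetime.strptime(snap["timeCreated"][:19], "%Y-%m-%dT%H:%M:%S")
        created = created.replace(tzinfo=timezone.utc)
        age = (now - created).days
        if age > max_age_days:
            findings.append(f"stale: {age} days old")
        # AllowAll means the snapshot can be exported from any network.
        if snap.get("networkAccessPolicy") == "AllowAll":
            findings.append("export allowed from any network")
        if snap.get("publicNetworkAccess") == "Enabled":
            findings.append("public network access enabled")
        if findings:
            report[snap["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_snapshots(SAMPLE, FIXED_NOW).items():
        print(name, "->", "; ".join(findings))
```

To audit a real subscription, replace `SAMPLE` with the parsed output of `az snapshot list -o json` and pass `datetime.now(timezone.utc)` as `now`.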

Sensitive information in VM Extensions & VM Applications

It might be possible to find sensitive information inside VM extensions and VM applications.

  1. List all VM applications
```bash
## List all VM applications inside a gallery
az sig gallery-application list --gallery-name <gallery-name> --resource-group <res-group> --output table
```
  2. Install the extension on a VM and search for sensitive information
```bash
az vm application set \
--resource-group <rsc-group> \
--name <vm-name> \
--app-version-ids /subscriptions/9291ff6e-6afb-430e-82a4-6f04b2d05c7f/resourceGroups/Resource_Group_1/providers/Microsoft.Compute/galleries/myGallery/applications/myReverseShellApp/versions/1.0.2 \
--treat-deployment-as-failure true
```
