PowerZure - PowerShell script to interact with Azure

PowerZure is a PowerShell script written to assist in assessing Azure security. Functions are broken out into their context as well as the role needed to run them.


Function Description Role
PowerZure -h Diplays the help menu Any


Function Description Role
Set-Subscription Sets the default Subscription to operate in Reader


Function Description Role
Create-Backdoor Creates a Runbook that creates an Azure account and generates a Webhook to that Runbook Administrator
Execute-Backdoor Executes the backdoor that is created with "Create-Backdoor". Needs the URI generated from Create-Backdoor Administrator
Execute-Command Executes a command on a specified VM Contributor
Execute-MSBuild Executes MSBuild payload on a specified VM. By default, Azure VMs have .NET 4.0 installed. Will run as SYSTEM. Contributor
Execute-Program Executes a supplied program. Contributor
Upload-StorageContent Uploads a supplied file to a storage share. Contributor
Stop-VM Stops a VM Contributor
Start-VM Starts a VM Contributor
Restart-VM Restarts a VM Contributor
Start-Runbook Starts a specific Runbook Contributor
Set-Role Sets a role for a specific user on a specific resource or subscription Owner
Remove-Role Removes a user from a role on a specific resource or subscription Owner
Set-Group Adds a user to a group Administrator

Information Gathering

Function Description Role
Get-CurrentUser Returns the current logged in user name, their role + groups, and any owned objects Reader
Get-AllUsers Lists all users in the subscription Reader
Get-User Gathers info on a specific user Reader
Get-AllGroups Lists all groups + info within Azure AD Reader
Get-Resources Lists all resources in the subscription Reader
Get-Apps Lists all applications in the subscription Reader
Get-GroupMembers Gets all the members of a specific group. Group does NOT mean role. Reader
Get-AllGroupMembers Gathers all the group members of all the groups. Reader
Get-AllRoleMembers Gets all the members of all roles. Roles does not mean groups. Reader
Get-Roles Lists the roles in the subscription Reader
Get-RoleMembers Gets the members of a role Reader
Get-Sps Returns all service principals Reader
Get-Sp Returns all info on a specified service principal Reader
Get-Apps Gets all applications and their Ids Reader
Get-AppPermissions Returns the permissions of an app Reader
Get-WebApps Gets running web apps Reader
Get-WebAppDetails Gets running webapps details Reader

Secret Gathering

Function Description Role
Get-KeyVaults Lists the Key Vaults Reader
Get-KeyVaultContents Get the secrets from a specific Key Vault Contributor
Get-AllKeyVaultContents Gets ALL the secrets from all Key Vaults. Contributor
Get-AppSecrets Returns the application passwords or certificate credentials Contributor
Get-AllAppSecrets Returns all application passwords or certificate credentials (If accessible) Contributor
Get-AllSecrets Gets ALL the secrets from all Key Vaults and applications. Contributor
Get-AutomationCredentials Gets the credentials from any Automation Accounts Contributor

Data Exfiltration

Function Description Role
Get-StorageAccounts Gets all storage accounts Reader
Get-StorageAccountKeys Gets the account keys for a storage account Contributor
Get-StorageContents Gets the contents of a storage container or file share Reader
Get-Runbooks Lists all the Runbooks Reader
Get-RunbookContent Reads content of a specific Runbook Reader
Get-AvailableVMDisks Lists the VM disks available. Reader
Get-VMDisk Generates a link to download a Virtual Machiche's disk. The link is only available for an hour. Contributor
Get-VMs Lists available VMs Reader

More at: https://github.com/hausec/PowerZure

February 18, 2020
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013