1. Perform Reconnaissance on Azure

As an ethical hacker, you need to know how to utilize PowerShell command-based scripting tools for conducting reconnaissance and gathering information.

1. Azure Reconnaissance with AADInternals

Although AADInternals is primarily focused on auditing and attacking Azure Active Directory (AAD) environments, it can still be used as part of a broader cloud reconnaissance effort. Its features include user enumeration, credential extraction, token extraction and manipulation, privilege escalation, etc.

In the PowerShell window, run the Install-Module AADInternals command to install the AADInternals module.

Now, run the Import-Module AADInternals command to import the AADInternals module.

Now, we will gather the publicly available information of a target Azure AD, such as the tenant brand, tenant name, and tenant ID, along with the names of the verified domains.

In the PowerShell window, run the following command.

In the above command, replace company.com with the target company's domain (here, we are using eccouncil.org).

From the above screenshot, we can gather information such as DNS, MX, SPF, DMARC, DKIM, etc.

Now, we will perform user enumeration in Azure AD. In the PowerShell window, type

The result shows True under the Exists field, which implies that the Azure account with the given username exists and the attacker can perform further attacks. We can also perform user enumeration by placing the usernames in a text file and running

where the users.txt file contains the target email addresses.

Now, to get login information for a domain, type

Now, to get login information for a user, type

To get the tenant ID for the given user, domain, or Access Token, type

To get registered domains from the tenant of the given domain

Alternatively, you can visit the following website and perform the same actions
