BA Lab 01 – Solution

MicroBurst is a great tool that automates the reconnaissance process. In a PowerShell terminal, import MicroBurst and run it against the SolarDrops cloud infrastructure as shown below:

Import-Module .\BreachingAzureTools\MicroBurst-master\MicroBurst.psm1
Invoke-EnumerateAzureSubDomains -Base SolarDrops -Verbose

Output:

Subdomain                                 Service
---------                                 -------
SolarDropsuserfiles.azurewebsites.net     App Services
SolarDropsservices.azurewebsites.net      App Services
SolarDropsservices.scm.azurewebsites.net  App Services - Management
SolarDropsuserfiles.scm.azurewebsites.net App Services - Management
SolarDrops.mail.protection.outlook.com    Email
SolarDrops.onmicrosoft.com                Microsoft Hosted Domain
SolarDrops.sharepoint.com                 SharePoint
SolarDrops-my.sharepoint.com              SharePoint
SolarDropsstorage.blob.core.windows.net   Storage Accounts - Blobs
SolarDropsstorage.file.core.windows.net   Storage Accounts - Files
SolarDropsstorage.queue.core.windows.net  Storage Accounts - Queues
SolarDropsstorage.table.core.windows.net  Storage Accounts - Tables

Based on the above output, we retrieved a number of useful services, such as App Services (including the Management (SCM) endpoints), Storage, SharePoint and Email endpoints.

By visiting “https://solardropsservices.azurewebsites.net/” we can observe a device validation message.

https://solardropsuserfiles.azurewebsites.net/ is the SolarDrops business website.

If we try to visit the App Service Management (SCM) site at https://solardropsuserfiles.scm.azurewebsites.net/, it redirects us to authenticate using Entra ID credentials.

Source Control Manager (SCM)

The “scm” in App Service refers to the Source Control Manager, which is a web interface and service associated with Azure App Service deployments. The Source Control Manager, commonly known as Kudu, provides a centralized platform for managing application deployments, integration with version control systems, and diagnostic tools. It allows developers to deploy and manage their applications directly from source control repositories such as Git or Azure Repos. Kudu offers features like continuous integration, deployment slots, and detailed logging for troubleshooting. Additionally, it provides a convenient way to view and manage files, access environment variables, and execute commands in the context of the application. The Source Control Manager is a valuable component in the Azure App Service ecosystem, streamlining deployment processes and enhancing the overall development and debugging experience.
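For the defender's side of this enumeration, the following added example (not part of the original lab or of MicroBurst) parses a saved copy of the output table above and pairs each App Service with its SCM (Kudu) host and each storage account with its enumerated services, producing an inventory to review. The function names and the review labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: a subset of the enumeration table above, saved as text.
SAMPLE = """\
Subdomain                                 Service
---------                                 -------
SolarDropsuserfiles.azurewebsites.net     App Services
SolarDropsservices.azurewebsites.net      App Services
SolarDropsservices.scm.azurewebsites.net  App Services - Management
SolarDropsuserfiles.scm.azurewebsites.net App Services - Management
SolarDrops.mail.protection.outlook.com    Email
SolarDropsstorage.blob.core.windows.net   Storage Accounts - Blobs
SolarDropsstorage.file.core.windows.net   Storage Accounts - Files
SolarDropsstorage.queue.core.windows.net  Storage Accounts - Queues
SolarDropsstorage.table.core.windows.net  Storage Accounts - Tables
"""
APP = re.compile(r"^(?P<app>[a-z0-9-]+)(?P<scm>\.scm)?\.azurewebsites\.net$")
STORAGE = re.compile(r"^(?P<acct>[a-z0-9]+)\.(?P<svc>blob|file|queue|table)\.core\.windows\.net$")

def parse_rows(text):
    """Yield (hostname, service); header and rule lines have no dot in column one."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and "." in parts[0]:
            yield parts[0].lower(), parts[1].strip()

def build_inventory(text):
    """Group hosts: each app with its SCM (Kudu) host, each storage account with its services."""
    apps = defaultdict(lambda: {"site": None, "scm": None})
    storage, other = defaultdict(list), []
    for host, service in parse_rows(text):
        if m := APP.match(host):
            apps[m["app"]]["scm" if m["scm"] else "site"] = host
        elif m := STORAGE.match(host):
            storage[m["acct"]].append(m["svc"])
        else:
            other.append((host, service))
    return dict(apps), dict(storage), other

def review_items(text):
    """Entries to queue for an access-control review (labels are this example's own)."""
    apps, storage, other = build_inventory(text)
    items = [f"app {a}: SCM endpoint {h['scm']}" for a, h in sorted(apps.items()) if h["scm"]]
    items += [f"storage {a}: {', '.join(sorted(s))}" for a, s in sorted(storage.items())]
    return items + [f"tenant: {host} ({svc})" for host, svc in other]

if __name__ == "__main__":
    print("\n".join(review_items(SAMPLE)))
```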

Additional Reading