Breaching Azure Intro
Introduction to Azure
Breaching SolarDrops
Breaching Bogus Bank

BA Lab 05 – Solution

Finally, we found the password of the localpaul user. Based on your information retrieved from the previous labs, it’s obvious that we need to connect to by using PS Remoting port 5985/tcp.

PowerShell Remoting (PS Remoting) is a feature in PowerShell that allows users to remotely manage Windows computers. It enables administrators to execute PowerShell commands or scripts on remote computers, interactively or in a scripted manner, without needing to manually log in to each computer. PS Remoting uses the WS-Management protocol (WinRM) to establish secure connections between the local and remote computers, facilitating remote administration tasks such as configuration management, troubleshooting, and automation. 

From your attacking machine, execute the following commands on paul’s machine:

$password = ConvertTo-SecureString 'dtOpd6va5zJYql' -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential('.\localpaul', $Password)
Invoke-Command -ComputerName -Credential $creds -ScriptBlock { hostname }paul-pc

Make sure that you received the hostname of the machine.

Then execute the below command to connect to the paul machine:

Enter-PSSession -ComputerName -Credential $creds

When connected, navigate to “C:\Users\localpaul” and run: “ls”. You will notice that a hidden .azure folder exists in the directory. This indicates that someone is authenticated using az powershell module. 

When authenticated using the az module in Azure, a folder named “.azure” is created in the user’s home directory. This folder serves as a storage location for Azure-related configuration and authentication information. Within the “.azure” folder, various files store authentication tokens, subscription details, and other settings required for interacting with Azure services through the Azure CLI.

These files facilitate seamless authentication and access to Azure resources, allowing users to execute commands and manage resources without the need to repeatedly authenticate. The “.azure” folder enhances the user experience by centralizing Azure-related configurations and providing convenient access to authentication credentials, streamlining the process of working with Azure services from the command line interface.

To verify who is authenticated run the following command:

az account show