Azure stuff
Login process
Set password in PowerShell
$pass = ConvertTo-SecureString "USER_PASSWORD" -AsPlainText -Force
Store cred
$cred = New-Object System.Management.Automation.PSCredential("USER_EMAIL", $pass)
Login
Connect-AzAccount -Credential $cred
Keyvault enumeration
List available resources
Get-AzResource
List key vault secret info
Get-AzKeyVaultSecret -VaultName <VAULTNAME>
List soft deleted vault
Get-AzKeyVault -InRemovedState | Where-Object {$_.VaultName -eq 'ashvpexm991'}
Undo soft deleted vault removal
Undo-AzKeyVaultRemoval -VaultName 'VAULTNAME' -ResourceGroupName 'RESOURCEGROUPNAME' -Location 'LOCATION'
Get key vault key (used to decrypt secrets etc)
Get-AzKeyVaultKey -VaultName 'KEYVAULTNAME'
List soft deleted secret
Get-AzKeyVaultSecret -VaultName <VAULTNAME> -InRemovedState
List soft deleted key
Get-AzKeyVaultKey -VaultName <VAULTNAME> -InRemovedState
Undo soft deleted key removal
Undo-AzKeyVaultKeyRemoval -VaultName '<VAULTNAME>' -Name 'KEYNAME'
Recover deleted secret
Undo-AzKeyVaultSecretRemoval -VaultName '<VAULTNAME>' -Name 'SECRETNAME'
List key vault secret in plaintext
Get-AzKeyVaultSecret -VaultName <VAULTNAME> -Name <SECRETNAME> -AsPlainText
Get versions of key vault secret
Get-AzKeyVaultSecret -VaultName ASwcajlr991 -Name asegfdpk991 -IncludeVersions
View access policy of a vault
Get-AzKeyVault -VaultName VAULTNAME
Change access policy to secrets
Set-AzKeyVaultAccessPolicy -VaultName VAULTNAME -UserPrincipalName USER_EMAIL -PermissionsToSecrets all
Change access policy to KEYS
Set-AzKeyVaultAccessPolicy -VaultName VAULTNAME -UserPrincipalName USER_EMAIL -PermissionsToKeys all
Change access policy to SECRETS
Set-AzKeyVaultAccessPolicy -VaultName asjmnbxe991 -UserPrincipalName ASaznrly991@redteamlabsus.onmicrosoft.com -PermissionsToSecrets all
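Added example (not part of the original notes): a read-only audit that flags vaults still on the access-policy model and principals holding the broad secret and key rights the commands above depend on. The function name, the sample vault and its object IDs are constructed for illustration; the property names are those of the object returned by Get-AzKeyVault -VaultName.

```powershell
# Added example, not from the original notes. Property names match the object
# returned by Get-AzKeyVault -VaultName <name>; the sample vault is constructed.
function Get-VaultPolicyFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Vault)
    process {
        $report = {
            param($principal, $issue)
            [pscustomobject]@{ Vault = $Vault.VaultName; Principal = $principal; Issue = $issue }
        }
        # Access-policy model: whoever can write the vault resource can edit its policies.
        if (-not $Vault.EnableRbacAuthorization) {
            & $report '-' 'access policies in use instead of Azure RBAC'
        }
        foreach ($p in $Vault.AccessPolicies) {
            $who = if ($p.DisplayName) { $p.DisplayName } else { $p.ObjectId }
            $sec = @($p.PermissionsToSecrets)
            $key = @($p.PermissionsToKeys)
            if ($sec -contains 'all' -or $key -contains 'all') {
                & $report $who "wildcard 'all' permission"
            }
            if ($sec -contains 'get' -and $sec -contains 'list') {
                & $report $who 'can list and read every secret'
            }
            if ($key -contains 'update' -and ($key -contains 'decrypt' -or $key -contains 'unwrapKey')) {
                & $report $who 'can change KeyOps and decrypt'
            }
            if ($sec -contains 'recover' -or $key -contains 'recover') {
                & $report $who 'can restore soft-deleted secrets or keys'
            }
        }
    }
}

# Constructed sample so the function runs offline.
$sample = [pscustomobject]@{
    VaultName = 'example-vault'; EnableRbacAuthorization = $false
    AccessPolicies = @(
        [pscustomobject]@{ DisplayName = 'app-reader'; ObjectId = '00000000-0000-0000-0000-000000000001'
                           PermissionsToSecrets = @('get'); PermissionsToKeys = @() },
        [pscustomobject]@{ DisplayName = ''; ObjectId = '00000000-0000-0000-0000-000000000002'
                           PermissionsToSecrets = @('all'); PermissionsToKeys = @('decrypt', 'update') }
    )
}
$sample | Get-VaultPolicyFinding | Format-Table -AutoSize

# Against a live subscription (read-only):
# Get-AzKeyVault | ForEach-Object { Get-AzKeyVault -VaultName $_.VaultName } | Get-VaultPolicyFinding
```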
Decrypt encrypted key
$encryptedBytes = [Convert]::FromBase64String('gM+e8vwit3j9Kx6cQ7keYpQIC4hqq6FT3w2d1WEO7ytTilYOv1e4Ym4Sc08DHJbGzSM1GizhOs+ZOYfelGM8BnHR1G4AVHz3597nlCD0qFF35G8FyvZvJ7k2B3fLisY+/EWL2OKYrS8YWs+ktkENccnpX+pQAtvFqaDQmoU8ZW3GSXJPAhwlje2TsHhYV7XS8qiIuk2gUHpvtjJwIn0fRicj3ZURYBwc+OdzH+JG+PM4gOxqBcNCCnleGDDb/e8gCVb36WTxu67ICRZ0T0qGfZ6dJ/AFcMIChZt39I5ilndG1XTPK9pfkoXqHDHZ+ke1tUFRWwW+ULJUEfOGeobwLg==')
$DecryptedData = Invoke-AzKeyVaultKeyOperation -Operation Decrypt -Algorithm RSA1_5 -ByteArrayValue $encryptedBytes -VaultName KEYVAULT_NAME -Name KEY_NAME
[System.Text.Encoding]::UTF8.GetString($DecryptedData.RawResult)
List versions of secret
Get-AzKeyVaultSecret -VaultName 'KEYVAULT_NAME' -Name 'SECRET_NAME' -IncludeVersions
Get specific version of a secret
Get-AzKeyVaultSecret -VaultName 'KEYVAULT_NAME' -Name 'SECRET_NAME' -Version 'VERSION' -AsPlainText
List versions of a key
Get-AzKeyVaultKey -VaultName AStlries991 -Name ascvjdmu991 -IncludeVersions
Get specific version of a key
Get-AzKeyVaultKey -VaultName AStlries991 -Name ascvjdmu991 -Version 123b861d48524bca950b4b04e4a963b4
Decrypt using specific key version
$DecryptedData = Invoke-AzKeyVaultKeyOperation -Operation Decrypt -Algorithm RSA1_5 -ByteArrayValue $encryptedBytes -VaultName astlries991 -Name ascvjdmu991 -Version 123b861d48524bca950b4b04e4a963b4
List key vault key operations
Note: try this when you get the "Operation decrypt is not permitted on this key." error
(Get-AzKeyVaultKey -VaultName ASknqdiw991 -Name asfoaxlz991).Attributes.KeyOps
Set key vault key operations
Update-AzKeyVaultKey -VaultName ASknqdiw991 -Name asfoaxlz991 -KeyOps @("encrypt", "decrypt", "sign", "verify", "wrapKey", "unwrapKey")
Enumerate SubDomains
Import-Module MicroBurst.psm1
Invoke-EnumerateAzureSubDomains -Base "<Key Vault Name>"
Subdomain                      Service
asoifzgd251.vault.azure.net    Key Vaults