From 3559a62d51b43ba2a995264173e04a279e6816fb Mon Sep 17 00:00:00 2001
From: Carlos Polop <carlospolop@gmail.com>
Date: Wed, 4 Dec 2024 00:28:25 +0100
Subject: [PATCH] add more azure metadata info

---
 .../linpeas_parts/3_cloud/1_Check_if_in_cloud.sh   |  1 +
 .../builder/linpeas_parts/3_cloud/7_Azure_VM.sh    | 14 ++++++++++++++
 .../linpeas_parts/functions/check_aliyun_ecs.sh    |  3 +--
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/linPEAS/builder/linpeas_parts/3_cloud/1_Check_if_in_cloud.sh b/linPEAS/builder/linpeas_parts/3_cloud/1_Check_if_in_cloud.sh
index 25ffc34..6562ac9 100644
--- a/linPEAS/builder/linpeas_parts/3_cloud/1_Check_if_in_cloud.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/1_Check_if_in_cloud.sh
@@ -14,6 +14,7 @@
 
 
 printf "${YELLOW}Learn and practice cloud hacking techniques in ${BLUE}training.hacktricks.xyz\n"$NC
+echo ""
 
 print_list "GCP Virtual Machine? ................. $is_gcp_vm\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
 print_list "GCP Cloud Funtion? ................... $is_gcp_function\n"$NC | sed "s,Yes,${SED_RED}," | sed "s,No,${SED_GREEN},"
diff --git a/linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh b/linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh
index 84e81af..b558633 100644
--- a/linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh
+++ b/linPEAS/builder/linpeas_parts/3_cloud/7_Azure_VM.sh
@@ -32,21 +32,35 @@ if [ "$is_az_vm" = "Yes" ]; then
   if [ "$az_req" ]; then
     print_3title "Instance details"
     exec_with_jq eval $az_req "$URL/instance?api-version=$API_VERSION"
+    echo ""
 
     print_3title "Load Balancer details"
     exec_with_jq eval $az_req "$URL/loadbalancer?api-version=$API_VERSION"
+    echo ""
+
+    print_3title "User Data"
+    exec_with_jq eval $az_req "$URL/instance/compute/userData?api-version=$API_VERSION\&format=text" | base64 -d 2>/dev/null
+    echo ""
+
+    print_3title "Custom Data and other configs (root needed)"
+    (cat /var/lib/waagent/ovf-env.xml || cat /var/lib/waagent/CustomData/ovf-env.xml) 2>/dev/null | sed "s,CustomData.*,${SED_RED},"
+    echo ""
 
     print_3title "Management token"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://management.azure.com/"
+    echo ""
 
     print_3title "Graph token"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://graph.microsoft.com/"
+    echo ""
     
     print_3title "Vault token"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://vault.azure.net/"
+    echo ""
 
     print_3title "Storage token"
     exec_with_jq eval $az_req "$URL/identity/oauth2/token?api-version=$API_VERSION\&resource=https://storage.azure.com/"
+    echo ""
   fi
   echo ""
 fi
\ No newline at end of file
diff --git a/linPEAS/builder/linpeas_parts/functions/check_aliyun_ecs.sh b/linPEAS/builder/linpeas_parts/functions/check_aliyun_ecs.sh
index 1823282..fd42cf1 100644
--- a/linPEAS/builder/linpeas_parts/functions/check_aliyun_ecs.sh
+++ b/linPEAS/builder/linpeas_parts/functions/check_aliyun_ecs.sh
@@ -13,8 +13,7 @@
 # Small linpeas: 1
 
 
-
-check_aliyun_ecs() {
+check_aliyun_ecs(){
   is_aliyun_ecs="No"
   if [ -f "/etc/cloud/cloud.cfg.d/aliyun_cloud.cfg" ]; then 
     is_aliyun_ecs="Yes"