darnellkeith/PEASS-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improve winpeas azure env detection

Browse Source
This commit is contained in:
Carlos Polop 2025-02-23 23:58:41 +01:00
parent 516aafff27
commit b82fc9ac39
1 changed files with 105 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
winPEAS/winPEASexe/winPEAS/Info/CloudInfo/AzureInfo.cs
View File

@ -1,20 +1,39 @@
using System.Collections.Generic;
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System;
namespace winPEAS.Info.CloudInfo
{
internal class AzureInfo : CloudInfoBase
{
public override string Name => "Azure VM";
public override bool IsCloud => Directory.Exists(WINDOWS_AZURE_FOLDER);
// The Name property now differentiates between an Azure VM and an Azure Container.
public override string Name
{
get
{
if (IsContainer())
return "Azure Container"; // **Container environment detected**
return "Azure VM"; // **VM environment detected**
}
}
// IsCloud now returns true if either the Azure VM folder exists or container env vars are set.
public override bool IsCloud => Directory.Exists(WINDOWS_AZURE_FOLDER) || IsContainer();
private Dictionary<string, List<EndpointData>> _endpointData = null;
const string WINDOWS_AZURE_FOLDER = "c:\\windowsazure";
const string AZURE_BASE_URL = "http://169.254.169.254/metadata/";
const string API_VERSION = "2021-12-13";
const string CONTAINER_API_VERSION = "2019-08-01";
// **New helper method to detect if running inside an Azure container**
private bool IsContainer()
{
return !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT")) ||
!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("MSI_ENDPOINT"));
}
public override Dictionary<string, List<EndpointData>> EndpointDataList()
{
@ -25,28 +44,38 @@ namespace winPEAS.Info.CloudInfo
try
{
string result;
string result;
List<Tuple<string, string, bool>> endpoints;
List<Tuple<string, string, bool>> endpoints = new List<Tuple<string, string, bool>>()
if (IsContainer())
{
new Tuple<string, string, bool>("Instance Details", $"instance?api-version={API_VERSION}", false),
new Tuple<string, string, bool>("Load Balancer details", $"loadbalancer?api-version={API_VERSION}", false),
new Tuple<string, string, bool>("Management token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://management.azure.com/", true),
new Tuple<string, string, bool>("Graph token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://graph.microsoft.com/", true),
new Tuple<string, string, bool>("Vault token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://vault.azure.net/", true),
new Tuple<string, string, bool>("Storage token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://storage.azure.com/", true)
};
if (IsAvailable)
{
// **Running in Azure Container: use the container endpoint and add the "Secret" header if available**
string containerBaseUrl = Environment.GetEnvironmentVariable("MSI_ENDPOINT") ??
Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT");
endpoints = new List<Tuple<string, string, bool>>()
{
new Tuple<string, string, bool>("Management token", $"identity/oauth2/token?api-version={CONTAINER_API_VERSION}&resource=https://management.azure.com/", true),
new Tuple<string, string, bool>("Graph token", $"identity/oauth2/token?api-version={CONTAINER_API_VERSION}&resource=https://graph.microsoft.com/", true),
new Tuple<string, string, bool>("Vault token", $"identity/oauth2/token?api-version={CONTAINER_API_VERSION}&resource=https://vault.azure.net/", true),
new Tuple<string, string, bool>("Storage token", $"identity/oauth2/token?api-version={CONTAINER_API_VERSION}&resource=https://storage.azure.com/", true)
};
foreach (var tuple in endpoints)
{
string url = $"{AZURE_BASE_URL}{tuple.Item2}";
result = CreateMetadataAPIRequest(url, "GET", new WebHeaderCollection() { { "Metadata", "true" } });
// Ensure proper URL formatting.
string url = $"{containerBaseUrl}{(containerBaseUrl.EndsWith("/") ? "" : "/")}{tuple.Item2}";
var headers = new WebHeaderCollection();
string msiSecret = Environment.GetEnvironmentVariable("MSI_SECRET");
if (!string.IsNullOrEmpty(msiSecret))
{
headers.Add("Secret", msiSecret);
}
string identitySecret = Environment.GetEnvironmentVariable("IDENTITY_HEADER");
if (!string.IsNullOrEmpty(identitySecret))
{
headers.Add("X-IDENTITY-HEADER", identitySecret);
}
result = CreateMetadataAPIRequest(url, "GET", headers);
_endpointDataList.Add(new EndpointData()
{
EndpointName = tuple.Item1,
@ -54,12 +83,36 @@ namespace winPEAS.Info.CloudInfo
IsAttackVector = tuple.Item3
});
}
}
else if (Directory.Exists(WINDOWS_AZURE_FOLDER))
{
// **Running in Azure VM: use the standard metadata endpoint with "Metadata: true" header**
endpoints = new List<Tuple<string, string, bool>>()
{
new Tuple<string, string, bool>("Instance Details", $"instance?api-version={API_VERSION}", false),
new Tuple<string, string, bool>("Load Balancer details", $"loadbalancer?api-version={API_VERSION}", false),
new Tuple<string, string, bool>("Management token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://management.azure.com/", true),
new Tuple<string, string, bool>("Graph token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://graph.microsoft.com/", true),
new Tuple<string, string, bool>("Vault token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://vault.azure.net/", true),
new Tuple<string, string, bool>("Storage token", $"identity/oauth2/token?api-version={API_VERSION}&resource=https://storage.azure.com/", true)
};
foreach (var tuple in endpoints)
{
string url = $"{AZURE_BASE_URL}{tuple.Item2}";
result = CreateMetadataAPIRequest(url, "GET", new WebHeaderCollection() { { "Metadata", "true" } });
_endpointDataList.Add(new EndpointData()
{
EndpointName = tuple.Item1,
Data = result,
IsAttackVector = tuple.Item3
});
}
}
else
{
foreach (var endpoint in endpoints)
// If neither container nor VM, endpoints remain unset.
foreach (var endpoint in new List<Tuple<string, string, bool>>())
{
_endpointDataList.Add(new EndpointData()
{
@ -74,6 +127,7 @@ namespace winPEAS.Info.CloudInfo
}
catch (Exception ex)
{
// **Exception handling (e.g., logging) can be added here**
}
}
@ -82,7 +136,31 @@ namespace winPEAS.Info.CloudInfo
public override bool TestConnection()
{
return CreateMetadataAPIRequest(AZURE_BASE_URL, "GET") != null;
}
if (IsContainer())
{
// **Test connection for Azure Container**
string containerBaseUrl = Environment.GetEnvironmentVariable("MSI_ENDPOINT") ??
Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT");
if (string.IsNullOrEmpty(containerBaseUrl))
return false;
var headers = new WebHeaderCollection();
string msiSecret = Environment.GetEnvironmentVariable("MSI_SECRET");
if (!string.IsNullOrEmpty(msiSecret))
{
headers.Add("Secret", msiSecret);
}
string identitySecret = Environment.GetEnvironmentVariable("IDENTITY_HEADER");
if (!string.IsNullOrEmpty(identitySecret))
{
headers.Add("X-IDENTITY-HEADER", identitySecret);
}
return CreateMetadataAPIRequest(containerBaseUrl, "GET", headers) != null;
}
else
{
// **Test connection for Azure VM**
return CreateMetadataAPIRequest(AZURE_BASE_URL, "GET", new WebHeaderCollection() { { "Metadata", "true" } }) != null;
}
}
}
}