Couple of days ago I had to connect to my Linux VMs that I have setup on my Microsoft Azure account. There I realized that I couldn’t connect to any of my linux VMs, neither from SSH or RDP.
In order to troubleshoot this I was instructed by the Troubleshooter (Troubleshoot and solve problems guide), to use the Serial Console, through the choices it gives you…
There I chose that I can’t connect to my Linux VM and I had the following screen where by choosing Serial Console from there, I could access that console.
At the beggining I though that this was just a console to help me troubleshoot any problem just by typing some commands. In fact when I connected to the serial console I saw that there where some errors about the Microsoft Azure Agent.
I overcame that just by updating and upgrading my Linux VM through the console as show below.
blackman@Kali:~$ sudo apt-get update [sudo] password for blackman: Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB] Get:2 http://kali.download/kali kali-rolling/main amd64 Packages [16.4 MB] Fetched 16.5 MB in 3s (6,358 kB/s) Reading package lists... Done
The whole thing fixed my installation and then it came to me. Why should I connect through SSH if I can run any commands from within the browser? Let’s give it a spin on my the website that you read now.
WPScanning my domain showed that no WordPress was running, so I tried to do that on the Azure URL that my website it is hosted…
blackman@Kali:~$ wpscan --url black*****.azuresites.*** _______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 2.9.4 Sponsored by Sucuri - https://sucuri.net @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_ _______________________________________________________________ [+] URL: http://black*****.azuresites.***/ [+] Started: Mon Oct 8 07:49:46 2018 [+] Interesting header: LINK: <http://black*****.azuresites.***/wp-json/>; rel="https://api.w.org/" [+] Interesting header: SERVER: Microsoft-IIS/10.0 [+] Interesting header: X-POWERED-BY: PHP/7.0.31 [+] Interesting header: X-POWERED-BY: ASP.NET [+] robots.txt available under: http://black*****.azuresites.***/robots.txt [HTTP 200] [+] XML-RPC Interface available under: http://black*****.azuresites.net/xmlrpc.php [HTTP 405] [+] API exposed: http://black*****.azuresites.***/wp-json/ [HTTP 200] [!] 1 user exposed via API: http://black*****.azuresites.***/wp-json/wp/v2/users +----+----------+------------------------------------------------------+ ...
Ok, I could use it on my own website that is hosted in Azure. So let’s check If a can do a simple nmap on my own company’s website Hood Groove Management which is hosted at my ISP’s web server.
Damn… it works! The same goes to every other single tool that you might have installed in your Linux VM distro or you can install it from that console!
By the way ” All data sent back and forth is encrypted in transit. “
Read more about the console in the link bellow