최신The SecOps Group Certified Cloud Pentesting eXpert - Azure - CCPenX-Az무료샘플문제
문제1
ExcaliburCorp has recently migrated part of its infrastructure to Microsoft Azure. Shortly after the migration, the company suffered a security breach resulting in the exposure of sensitive internal data. Their investigation revealed that the attack originated from a disgruntled developer who has since disappeared. To assess and mitigate further risks, ExcaliburCorp has granted you access to a replica Azure environment with the same permissions the developer had at the time of the incident. Your task is to simulate the attacker's actions, uncover the full extent of the compromise, and identify vulnerable configurations or services that enabled the breach.
Using the provided Azure login credentials, perform OSINT and reconnaissance to identify the Azure Active Directory/AAD Tenant ID associated with the environment.
ExcaliburCorp has recently migrated part of its infrastructure to Microsoft Azure. Shortly after the migration, the company suffered a security breach resulting in the exposure of sensitive internal data. Their investigation revealed that the attack originated from a disgruntled developer who has since disappeared. To assess and mitigate further risks, ExcaliburCorp has granted you access to a replica Azure environment with the same permissions the developer had at the time of the incident. Your task is to simulate the attacker's actions, uncover the full extent of the compromise, and identify vulnerable configurations or services that enabled the breach.
Using the provided Azure login credentials, perform OSINT and reconnaissance to identify the Azure Active Directory/AAD Tenant ID associated with the environment.
정답:
See the Answer in Explanation below.
Explanation:
f015f36d-c07f-41fb-9bde-fffc3a22ee8b
Detailed Solution:
Log in using the supplied breached Azure account.
az login -u [email protected] -p ' pg:Lr{k102l(fh7! ' After successful authentication, check the active Azure subscription context.
az account show
The important fields are:
{
" id " : " 7403ec86-c39d-4d80-9efa-35c7580ecefa " ,
" name " : " Azure subscription 1 " ,
" tenantDefaultDomain " : " azuresecops.onmicrosoft.com " ,
" tenantDisplayName " : " ExcaliburCorp " ,
" tenantId " : " f015f36d-c07f-41fb-9bde-fffc3a22ee8b "
}
The AAD / Microsoft Entra tenant ID is the tenantId.
Final answer:
f015f36d-c07f-41fb-9bde-fffc3a22ee8b
Explanation:
f015f36d-c07f-41fb-9bde-fffc3a22ee8b
Detailed Solution:
Log in using the supplied breached Azure account.
az login -u [email protected] -p ' pg:Lr{k102l(fh7! ' After successful authentication, check the active Azure subscription context.
az account show
The important fields are:
{
" id " : " 7403ec86-c39d-4d80-9efa-35c7580ecefa " ,
" name " : " Azure subscription 1 " ,
" tenantDefaultDomain " : " azuresecops.onmicrosoft.com " ,
" tenantDisplayName " : " ExcaliburCorp " ,
" tenantId " : " f015f36d-c07f-41fb-9bde-fffc3a22ee8b "
}
The AAD / Microsoft Entra tenant ID is the tenantId.
Final answer:
f015f36d-c07f-41fb-9bde-fffc3a22ee8b
문제2
You are reviewing Azure Activity Logs after a lab compromise. Which operation indicates that an attacker reset another user's password through Microsoft Entra ID?
You are reviewing Azure Activity Logs after a lab compromise. Which operation indicates that an attacker reset another user's password through Microsoft Entra ID?
정답: C
설명: (ExamPassdump 회원만 볼 수 있음)
문제3
You've gained access to the Azure environment, now dig deeper. One of the accessible resources contains a hidden flag.
You've gained access to the Azure environment, now dig deeper. One of the accessible resources contains a hidden flag.
정답:
See the Answer in Explanation below.
Explanation:
Flag{a92f7e0c3c4b9d88a1f54e6723d4c1a2}
Detailed Solution:
Start by listing all Azure resources accessible to the compromised user.
az resource list --output table
The environment exposes at least these resources:
RnD-Tools Excalibur-Resources ukwest Microsoft.Web/sites
WebAppTokenIdentity Excalibur-Resources ukwest Microsoft.ManagedIdentity/userAssignedIdentities The most interesting target is the App Service:
RnD-Tools
Web Apps often store configuration values in App Settings. These commonly contain secrets, flags, API keys, connection strings, or credentials.
Query the App Service application settings:
az webapp config appsettings list \
--name RnD-Tools \
--resource-group Excalibur-Resources \
--output json
Look for keys such as:
Flag
secret
password
token
connectionString
clientSecret
The exposed app setting contains:
{
" name " : " Flag " ,
" slotSetting " : false,
" value " : " Flag{a92f7e0c3c4b9d88a1f54e6723d4c1a2} "
}
Final answer:
Flag{a92f7e0c3c4b9d88a1f54e6723d4c1a2}
Explanation:
Flag{a92f7e0c3c4b9d88a1f54e6723d4c1a2}
Detailed Solution:
Start by listing all Azure resources accessible to the compromised user.
az resource list --output table
The environment exposes at least these resources:
RnD-Tools Excalibur-Resources ukwest Microsoft.Web/sites
WebAppTokenIdentity Excalibur-Resources ukwest Microsoft.ManagedIdentity/userAssignedIdentities The most interesting target is the App Service:
RnD-Tools
Web Apps often store configuration values in App Settings. These commonly contain secrets, flags, API keys, connection strings, or credentials.
Query the App Service application settings:
az webapp config appsettings list \
--name RnD-Tools \
--resource-group Excalibur-Resources \
--output json
Look for keys such as:
Flag
secret
password
token
connectionString
clientSecret
The exposed app setting contains:
{
" name " : " Flag " ,
" slotSetting " : false,
" value " : " Flag{a92f7e0c3c4b9d88a1f54e6723d4c1a2} "
}
Final answer:
Flag{a92f7e0c3c4b9d88a1f54e6723d4c1a2}
문제4
After authenticating as the service principal, enumerate its assigned Azure RBAC role. Which role does it have?
After authenticating as the service principal, enumerate its assigned Azure RBAC role. Which role does it have?
정답: D
설명: (ExamPassdump 회원만 볼 수 있음)