Vulnerable Azure Environment (WIP) Scenario 1- No Metadata leaks, is it? Ana works for an ecommerce company, she was assigned to create an extension for a product, she created a brilliant piece of code, hosted the code on Azure VM. One fine day she was alerted by a friendly hacker that a bug in the code leads to compromise of a storage account. Try to investigate the incident by reproducing the attack chain. Source code is hosted on this git repo for reference. The URL of hosting- http://mywebapp.eastus.cloudapp.azure.com:5000/test_ssrf.
Scenario 2- Use your creativity for a shortcut of Scenario 1.
Scenario 3- From publicly exposed storage to a compromised database! Yummyfood is an online food delivery app which invites you to perform a pentest with the main objective to compromise restricted Azure SQL Server DB. They have loaded code for code review here- https://sachall2.blob.core.windows.net/vmmachinedetails/demo%20code.txt
Scenario 4- Cloud malfunctioned to rain shell Challenge is to obtain as many details about the hosting environment using this- https://rcechall.azurewebsites.net/api/HttpTrigger1?q=https://www.google.com