Operational Usage

PowerZure comes in .ps1 format which requires it to be imported for each new PowerShell session. To import, simply use

Import-Module C:\Location\to\Powerzure.ps1

There is zero reason to ever run PowerZure on a victim’s machine. Authentication is done by using an existing accesstoken.json file or by logging in via prompt when logging into Azure, meaning you can safely use PowerZure to interact with a victim’s cloud instance from your operating machine.

If the target environment is contraining Azure access to their network/VPN, then consider using a proxy.

You must sign-in to Azure before PowerZure functions are made available. To sign in, use the cmdlet

Connect-AzAccount

Once you are signed in to Azure, you can import PowerZure:

ipmo C:\Path\To\Powerzure.ps1

Upon importing, it will list your current role and available subscriptions. If you’re in a tenant with multiple subscriptions, you must set a default subscription with

Set-AzureSubscription -Id [Subscription ID]

Once set, you can run

Get-AzureTargets

To get a list of resources you have access to and exploit them accordingly.