CCPenX-Az試験無料問題集「The SecOps Group Certified Cloud Pentesting eXpert - Azure 認定」
During App Service enumeration, you discover that the compromised user can read App Service application settings. Find the hidden flag stored in the application settings.
正解:
See the Answer in Explanation below.
Explanation:
Flag{app_settings_should_not_store_secrets}
Detailed Solution:
Query App Service settings:
az webapp config appsettings list \
--name finance-reporting-api \
--resource-group rg-prod-apps-eastus \
--output json
Search for suspicious keys:
az webapp config appsettings list \
--name finance-reporting-api \
--resource-group rg-prod-apps-eastus \
--query " [?contains(name, ' FLAG ' ) || contains(name, ' Flag ' ) || contains(name, ' SECRET ' )] " \
--output table
Expected output:
Name SlotSetting Value
---------- ------------- ----------------------------------------
APP_FLAG False Flag{app_settings_should_not_store_secrets}
The flag is:
Flag{app_settings_should_not_store_secrets}
Explanation:
Flag{app_settings_should_not_store_secrets}
Detailed Solution:
Query App Service settings:
az webapp config appsettings list \
--name finance-reporting-api \
--resource-group rg-prod-apps-eastus \
--output json
Search for suspicious keys:
az webapp config appsettings list \
--name finance-reporting-api \
--resource-group rg-prod-apps-eastus \
--query " [?contains(name, ' FLAG ' ) || contains(name, ' Flag ' ) || contains(name, ' SECRET ' )] " \
--output table
Expected output:
Name SlotSetting Value
---------- ------------- ----------------------------------------
APP_FLAG False Flag{app_settings_should_not_store_secrets}
The flag is:
Flag{app_settings_should_not_store_secrets}
A storage account allows public blob access. Enumerate containers and identify the public container that exposes backup files.
正解:
See the Answer in Explanation below.
Explanation:
public-backups
Detailed Solution:
Try listing containers using Azure CLI:
az storage container list \
--account-name prodreportstore01 \
--auth-mode login \
--output table
If anonymous access is allowed, test via blob endpoint:
az storage blob list \
--account-name prodreportstore01 \
--container-name public-backups \
--auth-mode key \
--output table
In a lab, you can also test the public URL pattern:
https://prodreportstore01.blob.core.windows.net/public-backups/
Expected exposed container:
public-backups
Final answer:
public-backups
Explanation:
public-backups
Detailed Solution:
Try listing containers using Azure CLI:
az storage container list \
--account-name prodreportstore01 \
--auth-mode login \
--output table
If anonymous access is allowed, test via blob endpoint:
az storage blob list \
--account-name prodreportstore01 \
--container-name public-backups \
--auth-mode key \
--output table
In a lab, you can also test the public URL pattern:
https://prodreportstore01.blob.core.windows.net/public-backups/
Expected exposed container:
public-backups
Final answer:
public-backups
A managed identity has Key Vault Secrets User access to kv-finance-prod. Enumerate secrets and retrieve the hidden flag.
正解:
See the Answer in Explanation below.
Explanation:
Flag{managed_identity_can_read_keyvault_secrets}
Detailed Solution:
List Key Vaults:
az keyvault list --output table
List secrets:
az keyvault secret list \
--vault-name kv-finance-prod \
--output table
Expected output:
Name Enabled
---------------- --------
db-password True
api-token True
internal-flag True
Retrieve the flag secret:
az keyvault secret show \
--vault-name kv-finance-prod \
--name internal-flag \
--query value \
--output tsv
Expected value:
Flag{managed_identity_can_read_keyvault_secrets}
Azure Key Vault can use Azure RBAC for secrets, keys, and certificates, including data-plane secret access.
Explanation:
Flag{managed_identity_can_read_keyvault_secrets}
Detailed Solution:
List Key Vaults:
az keyvault list --output table
List secrets:
az keyvault secret list \
--vault-name kv-finance-prod \
--output table
Expected output:
Name Enabled
---------------- --------
db-password True
api-token True
internal-flag True
Retrieve the flag secret:
az keyvault secret show \
--vault-name kv-finance-prod \
--name internal-flag \
--query value \
--output tsv
Expected value:
Flag{managed_identity_can_read_keyvault_secrets}
Azure Key Vault can use Azure RBAC for secrets, keys, and certificates, including data-plane secret access.