Using the Azure Serial Console
Updated: Aug 30, 2020
Hi, today I want to share a very small post about a hidden gem:
Azure Serial Console
Even though it has been around for quite a while already, I noticed that its existence is not that widely known yet, and those who do know about it don't really know how to get started.
To just blatantly steal the description from the official page:
The Serial Console in the Azure portal provides access to a text-based console for virtual machines (VMs) and virtual machine scale set instances running either Linux or Windows. This serial connection connects to the ttyS0 or COM1 serial port of the VM or virtual machine scale set instance, providing access independent of the network or operating system state. The serial console can only be accessed by using the Azure portal and is allowed only for those users who have an access role of Contributor or higher to the VM or virtual machine scale set.
So hey, this could be a very interesting tool to use as a backdoor in case you lose network access to your VM.
Because face it, who hasn't accidentally changed network settings inside a VM, only to immediately do a facepalm because you lost all network connectivity to the machine.
Pro tip: don't touch any of the network settings inside a VM unless you know exactly what you're doing. Make all changes to the network settings from the Azure platform.
For the Linux adepts, things are easy: just open up the serial console and you will be greeted by a logon prompt as you would expect.
Enter your credentials and you're good to go.
For the Windows admins out there, things can be a bit more confusing, as the documentation only seems to teach us things like how to send non-maskable interrupts (NMIs) or SysRqs.
... Because we all need those on a daily basis.
The question you probably have is:
"How can I access my old trusted CMD where I can use commands like netsh to fix all my (Azure VM related) mistakes?"
The answer is quite easy:
Open the serial console on a VM.
For Windows machines, what you will get is the scary SAC (Special Administration Console)
(Help, I don't know any commands for that?!)
Typing "help" doesn't help you much.
Hidden in the official documentation are the only commands you need:
And then switch to the newly created CMD channel (in this case Cmd0003)
Ch -sn Cmd0003
What you will now get is a logon prompt.
Assuming you've killed the network at this point, enter a valid local user
(or a cached credential if you like to cache your admin passwords on all servers for easy hacking)
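The whole recovery session described above, from the SAC prompt to a netsh fix, as an added example that is not part of the original post. It assumes the broken adapter is named "Ethernet" and that the fix is to hand addressing back to DHCP; Cmd0003 is the channel name from the post, so use whatever name SAC reports on your VM.

```bat
rem Added example, not from the original post.
rem --- Typed at the SAC> prompt (enter the commands only, not the rem lines) ---
rem Create a new command prompt channel.
cmd
rem List the channels to find the name of the one just created.
ch
rem Switch to it by name (Cmd0003 is the channel name used in the post).
ch -sn Cmd0003

rem --- After logging on, typed in the CMD channel ---
rem List adapters and their state; "Ethernet" below is an assumed adapter name.
netsh interface show interface
rem Show current IPv4 settings to spot a hand-set static address or DNS server.
netsh interface ipv4 show config
rem Hand addressing back to DHCP so the Azure platform assigns the IP and DNS.
netsh interface ipv4 set address name="Ethernet" source=dhcp
netsh interface ipv4 set dnsservers name="Ethernet" source=dhcp
rem Confirm the adapter picked up a lease.
ipconfig /all
rem Close the channel so no logged-on session is left open on the serial port.
exit
```

Pressing Esc and then Tab switches between channels if you need to get back to the SAC prompt without closing the CMD session.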