Az - Storage Persistence

Reading time: 2 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Storage Privesc

Kwa maelezo zaidi kuhusu uhifadhi angalia:

Az - Storage Accounts & Blobs

Hila za kawaida

  • Hifadhi funguo za ufikiaji
  • Tengeneza SAS
  • Watumiaji walipewa mamlaka ni siku 7 tu

Microsoft.Storage/storageAccounts/blobServices/containers/update && Microsoft.Storage/storageAccounts/blobServices/deletePolicy/write

Ruhusa hizi zinamruhusu mtumiaji kubadilisha mali za huduma ya blob kwa kipengele cha uhifadhi wa kufutwa, ambacho kinamwezesha au kuunda kipindi cha uhifadhi kwa kontena zilizofutwa. Ruhusa hizi zinaweza kutumika kwa kudumisha kudumu ili kutoa fursa kwa mshambuliaji kurejesha au kubadilisha kontena zilizofutwa ambazo zinapaswa kuwa zimeondolewa kabisa na kufikia taarifa nyeti.

bash
az storage account blob-service-properties update \
--account-name <STORAGE_ACCOUNT_NAME> \
--enable-container-delete-retention true \
--container-delete-retention-days 100

Microsoft.Storage/storageAccounts/read && Microsoft.Storage/storageAccounts/listKeys/action

Ruhusa hizi zinaweza kumpelekea mshambuliaji kubadilisha sera za uhifadhi, kurejesha data zilizofutwa, na kufikia taarifa nyeti.

bash
az storage blob service-properties delete-policy update \
--account-name <STORAGE_ACCOUNT_NAME> \
--enable true \
--days-retained 100

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks