Az - Storage Persistence

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Storage Privesc

Kwa maelezo zaidi kuhusu uhifadhi angalia:

Az - Storage Accounts & Blobs

Hila za kawaida

  • Hifadhi funguo za ufikiaji
  • Tengeneza SAS
  • Watumiaji walipewa mamlaka ni siku 7 tu

Microsoft.Storage/storageAccounts/blobServices/containers/update && Microsoft.Storage/storageAccounts/blobServices/deletePolicy/write

Ruhusa hizi zinamruhusu mtumiaji kubadilisha mali za huduma ya blob kwa kipengele cha uhifadhi wa kufutwa, ambacho kinamwezesha au kuunda kipindi cha uhifadhi kwa kontena zilizofutwa. Ruhusa hizi zinaweza kutumika kwa kudumisha kudumu ili kutoa fursa kwa mshambuliaji kurejesha au kubadilisha kontena zilizofutwa ambazo zinapaswa kuwa zimeondolewa kabisa na kufikia taarifa nyeti.

az storage account blob-service-properties update \
--account-name <STORAGE_ACCOUNT_NAME> \
--enable-container-delete-retention true \
--container-delete-retention-days 100

Microsoft.Storage/storageAccounts/read && Microsoft.Storage/storageAccounts/listKeys/action

Ruhusa hizi zinaweza kumpelekea mshambuliaji kubadilisha sera za uhifadhi, kurejesha data zilizofutwa, na kufikia taarifa nyeti.

az storage blob service-properties delete-policy update \
--account-name <STORAGE_ACCOUNT_NAME> \
--enable true \
--days-retained 100

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks