Az - File Share Post Exploitation

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Angalia the subscription plans!

Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.

Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.

File Share Post Exploitation

Kwa maelezo zaidi kuhusu file shares angalia:

Az - File Shares

`Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read`

Mtu mwenye ruhusa hii ataweza orodhesha faili ndani ya file share na kupakua faili ambazo zinaweza kuwa na taarifa nyeti.

# List files inside an azure file share
az storage file list \
--account-name <name> \
--share-name <share-name> \
--auth-mode login --enable-file-backup-request-intent

# Download an specific file
az storage file download \
--account-name <name> \
--share-name <share-name> \
--path <filename-to-download> \
--dest /path/to/down \
--auth-mode login --enable-file-backup-request-intent

`Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write`, `Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action`

Mtu mwenye ruhusa hii ataweza kuandika na kufuta faili katika sehemu za faili ambayo inaweza kumruhusu kuleta uharibifu au hata kupandisha mamlaka (kwa mfano, kufuta baadhi ya msimbo uliohifadhiwa katika sehemu ya faili):

az storage blob upload \
--account-name <acc-name> \
--container-name <container-name> \
--file /tmp/up.txt --auth-mode login --overwrite

*/delete

Hii itaruhusu kufuta faili ndani ya mfumo wa faili ulio shiriki ambao unaweza kuingilia baadhi ya huduma au kufanya mteja kupoteza taarifa muhimu.

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Angalia the subscription plans!

Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.

Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.

HackTricks Cloud

Az - File Share Post Exploitation

Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read

Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write, Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action

*/delete

`Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read`

`Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write`, `Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action`