Az - Table Storage Post Exploitation

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

• Angalia the subscription plans!
• Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
• Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.

Table Storage Post Exploitation

Kwa maelezo zaidi kuhusu hifadhi ya meza angalia:

Az - Table Storage

Microsoft.Storage/storageAccounts/tableServices/tables/entities/read

Mtu mwenye ruhusa hii ataweza orodhesha meza ndani ya hifadhi ya meza na kusoma taarifa ambazo zinaweza kuwa na taarifa nyeti.

# List tables
az storage table list --auth-mode login --account-name <name>

# Read table (top 10)
az storage entity query \
--account-name <name> \
--table-name <t-name> \
--auth-mode login \
--top 10

Microsoft.Storage/storageAccounts/tableServices/tables/entities/write | Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action | Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action

Mtu mwenye ruhusa hii ataweza kuandika na kufuta entries katika meza ambayo inaweza kumruhusu kuleta uharibifu au hata kupandisha mamlaka (kwa mfano, kufuta data fulani ya kuaminika ambayo inaweza kutumia udhaifu wa sindano katika programu inayotumia hiyo).

• Ruhusa Microsoft.Storage/storageAccounts/tableServices/tables/entities/write inaruhusu vitendo vyote.
• Ruhusa Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action inaruhusu kuongeza entries
• Ruhusa Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action inaruhusu k updates entries zilizopo

# Add
az storage entity insert \
--account-name <acc-name> \
--table-name <t-name> \
--auth-mode login \
--entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"

# Replace
az storage entity replace \
--account-name <acc-name> \
--table-name <t-name> \
--auth-mode login \
--entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"

# Update
az storage entity merge \
--account-name <acc-name> \
--table-name <t-name> \
--auth-mode login \
--entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"

*/delete

Hii itaruhusu kufuta faili ndani ya mfumo wa faili ulio shiriki ambao unaweza kuingilia baadhi ya huduma au kufanya mteja kupoteza taarifa muhimu.

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

• Angalia the subscription plans!
• Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
• Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.