HackTricks CloudAz - Table Storage Post Exploitation
Reading time: 3 minutes
tip
Jifunze na fanya mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: 
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
Table Storage Post Exploitation
Kwa maelezo zaidi kuhusu hifadhi ya meza angalia:
Microsoft.Storage/storageAccounts/tableServices/tables/entities/read
Mtu mwenye ruhusa hii ataweza orodhesha meza ndani ya hifadhi ya meza na kusoma taarifa ambazo zinaweza kuwa na taarifa nyeti.
# List tables
az storage table list --auth-mode login --account-name <name>
# Read table (top 10)
az storage entity query \
--account-name <name> \
--table-name <t-name> \
--auth-mode login \
--top 10
Microsoft.Storage/storageAccounts/tableServices/tables/entities/write | Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action | Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action
Mtu mwenye ruhusa hii ataweza kuandika na kufuta entries katika meza ambayo inaweza kumruhusu kuleta uharibifu au hata kupandisha mamlaka (kwa mfano, kufuta data fulani ya kuaminika ambayo inaweza kutumia udhaifu wa sindano katika programu inayotumia hiyo).
- Ruhusa
Microsoft.Storage/storageAccounts/tableServices/tables/entities/writeinaruhusu vitendo vyote. - Ruhusa
Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/actioninaruhusu kuongeza entries - Ruhusa
Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/actioninaruhusu k updates entries zilizopo
# Add
az storage entity insert \
--account-name <acc-name> \
--table-name <t-name> \
--auth-mode login \
--entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"
# Replace
az storage entity replace \
--account-name <acc-name> \
--table-name <t-name> \
--auth-mode login \
--entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"
# Update
az storage entity merge \
--account-name <acc-name> \
--table-name <t-name> \
--auth-mode login \
--entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"
*/delete
Hii itaruhusu kufuta faili ndani ya mfumo wa faili ulio shiriki ambao unaweza kuingilia baadhi ya huduma au kufanya mteja kupoteza taarifa muhimu.
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.