Az - File Shares

Reading time: 8 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

Basic Information

Azure Files ni huduma ya kuhifadhi faili ya wingu inayosimamiwa kikamilifu ambayo inatoa uhifadhi wa faili wa pamoja unaopatikana kupitia protokali za kawaida SMB (Server Message Block) na NFS (Network File System). Ingawa protokali kuu inayotumika ni SMB, kama NFS, Azure file shares hazipatikani kwa Windows (kulingana na docs). Inakuwezesha kuunda sehemu za faili za mtandao zenye upatikanaji wa juu ambazo zinaweza kufikiwa kwa wakati mmoja na mashine nyingi za virtual (VMs) au mifumo ya ndani, ikiruhusu kushiriki faili bila mshono kati ya mazingira.

Access Tiers

Transaction Optimized: Imeboreshwa kwa shughuli zenye muamala mzito.
Hot: Imebalansiwa kati ya muamala na uhifadhi.
Cool: Inagharimu kidogo kwa uhifadhi.
Premium: Uhifadhi wa faili wa utendaji wa juu ulioimarishwa kwa kazi zenye latency ya chini na IOPS-intensive.

Backups

Daily backup: Kituo cha backup kinaundwa kila siku kwa wakati ulioonyeshwa (mfano 19.30 UTC) na kuhifadhiwa kwa siku 1 hadi 200.
Weekly backup: Kituo cha backup kinaundwa kila wiki kwa siku na wakati ulioonyeshwa (Jumapili saa 19.30) na kuhifadhiwa kwa wiki 1 hadi 200.
Monthly backup: Kituo cha backup kinaundwa kila mwezi kwa siku na wakati ulioonyeshwa (mfano Jumapili ya kwanza saa 19.30) na kuhifadhiwa kwa miezi 1 hadi 120.
Yearly backup: Kituo cha backup kinaundwa kila mwaka kwa siku na wakati ulioonyeshwa (mfano Jumapili ya kwanza ya Januari saa 19.30) na kuhifadhiwa kwa miaka 1 hadi 10.
Pia inawezekana kufanya backups za mikono na snapshots wakati wowote. Backups na snapshots kwa kweli ni sawa katika muktadha huu.

Supported Authentications via SMB

On-premises AD DS Authentication: Inatumia akidi za Active Directory za ndani zilizounganishwa na Microsoft Entra ID kwa upatikanaji wa msingi wa utambulisho. Inahitaji muunganisho wa mtandao kwa AD DS ya ndani.
Microsoft Entra Domain Services Authentication: Inatumia Microsoft Entra Domain Services (AD ya wingu) kutoa upatikanaji kwa kutumia akidi za Microsoft Entra.
Microsoft Entra Kerberos for Hybrid Identities: Inawawezesha watumiaji wa Microsoft Entra kuthibitisha Azure file shares kupitia intaneti kwa kutumia Kerberos. Inasaidia mashine za virtual zilizounganishwa na Microsoft Entra au zilizounganishwa na Microsoft Entra bila kuhitaji muunganisho kwa wakala wa kikoa wa ndani. Lakini haisaidii utambulisho wa wingu pekee.
AD Kerberos Authentication for Linux Clients: Inawawezesha wateja wa Linux kutumia Kerberos kwa uthibitisho wa SMB kupitia AD DS ya ndani au Microsoft Entra Domain Services.

Enumeration

bash

# Get storage accounts
az storage account list #Get the account name from here

# List file shares
az storage share list --account-name <name>
az storage share-rm list --storage-account <name> # To see the deleted ones too --include-deleted
# Get dirs/files inside the share
az storage file list --account-name <name> --share-name <share-name>
## If type is "dir", you can continue enumerating files inside of it
az storage file list --account-name <name> --share-name <prev_dir/share-name>
# Download a complete share (with directories and files inside of them)
az storage file download-batch -d . --source <share-name> --account-name <name>
# List snapshots
az storage share snapshot --name <share-name>
# List file shares, including deleted ones
az rest --method GET \
--url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}/fileServices/default/shares?%24skipToken=&%24maxpagesize=20&%24filter=&%24expand=deleted&api-version=2019-06-01"

# Get snapshots/backups
az storage share list --account-name <name> --include-snapshots --query "[?snapshot != null]"
# List contents of a snapshot/backup
az storage file list --account-name <name> --share-name <share-name> --snapshot <snapshot-version> #e.g. "2024-11-25T11:26:59.0000000Z"
# Download snapshot/backup
az storage file download-batch -d . --account-name <name> --source <share-name> --snapshot <snapshot-version>

bash

Get-AzStorageAccount

# List File Shares
Get-AzStorageShare -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context

# Get Directories/Files Inside the Share
Get-AzStorageFile -ShareName "<share-name>" -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context
Get-AzStorageFile -ShareName "<share-name>" -Path "<share-directory-path>" -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context

# Download a Complete Share
Get-AzStorageFileContent -ShareName "<share-name>" -Destination "C:\Download" -Path "<share-directory-path>" -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context

# Get Snapshots/Backups
Get-AzStorageShare -Context (Get-AzStorageAccount -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>").Context | Where-Object { $_.SnapshotTime -ne $null }

# List Contents of a Snapshot/Backup
Get-AzStorageFile -ShareName "<share-name>" -Context (New-AzStorageContext -StorageAccountName "<storage-account-name>" -StorageAccountKey (Get-AzStorageAccountKey -ResourceGroupName "<resource-group-name>" -Name "<storage-account-name>" | Select-Object -ExpandProperty Value) -SnapshotTime "<snapshot-version>")

note

Kwa default az cli itatumia funguo ya akaunti kusaini funguo na kutekeleza kitendo. Ili kutumia mamlaka ya Entra ID principal tumia vigezo --auth-mode login --enable-file-backup-request-intent.

tip

Tumia param --account-key kuashiria funguo ya akaunti inayotumika
Tumia param --sas-token pamoja na token ya SAS ili kufikia kupitia token ya SAS

Connection

Hizi ndizo scripts zilizopendekezwa na Azure wakati wa kuandika ili kuunganisha File Share:

Unahitaji kubadilisha <STORAGE-ACCOUNT>, <ACCESS-KEY> na <FILE-SHARE-NAME> placeholders.

bash

$connectTestResult = Test-NetConnection -ComputerName filescontainersrdtfgvhb.file.core.windows.net -Port 445
if ($connectTestResult.TcpTestSucceeded) {
# Save the password so the drive will persist on reboot
cmd.exe /C "cmdkey /add:`"<STORAGE-ACCOUNT>.file.core.windows.net`" /user:`"localhost\<STORAGE-ACCOUNT>`" /pass:`"<ACCESS-KEY>`""
# Mount the drive
New-PSDrive -Name Z -PSProvider FileSystem -Root "\\<STORAGE-ACCOUNT>.file.core.windows.net\<FILE-SHARE-NAME>" -Persist
} else {
Write-Error -Message "Unable to reach the Azure storage account via port 445. Check to make sure your organization or ISP is not blocking port 445, or use Azure P2S VPN, Azure S2S VPN, or Express Route to tunnel SMB traffic over a different port."
}

bash

sudo mkdir /mnt/disk-shareeifrube
if [ ! -d "/etc/smbcredentials" ]; then
sudo mkdir /etc/smbcredentials
fi
if [ ! -f "/etc/smbcredentials/<STORAGE-ACCOUNT>.cred" ]; then
sudo bash -c 'echo "username=<STORAGE-ACCOUNT>" >> /etc/smbcredentials/<STORAGE-ACCOUNT>.cred'
sudo bash -c 'echo "password=<ACCESS-KEY>" >> /etc/smbcredentials/<STORAGE-ACCOUNT>.cred'
fi
sudo chmod 600 /etc/smbcredentials/<STORAGE-ACCOUNT>.cred

sudo bash -c 'echo "//<STORAGE-ACCOUNT>.file.core.windows.net/<FILE-SHARE-NAME> /mnt/<FILE-SHARE-NAME> cifs nofail,credentials=/etc/smbcredentials/<STORAGE-ACCOUNT>.cred,dir_mode=0777,file_mode=0777,serverino,nosharesock,actimeo=30" >> /etc/fstab'
sudo mount -t cifs //<STORAGE-ACCOUNT>.file.core.windows.net/<FILE-SHARE-NAME> /mnt/<FILE-SHARE-NAME> -o credentials=/etc/smbcredentials/<STORAGE-ACCOUNT>.cred,dir_mode=0777,file_mode=0777,serverino,nosharesock,actimeo=30

bash

open smb://<STORAGE-ACCOUNT>:<ACCESS-KEY>@<STORAGE-ACCOUNT>.file.core.windows.net/<FILE-SHARE-NAME>

tip

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

HackTricks Cloud

Az - File Shares

Basic Information

Access Tiers

Backups

Supported Authentications via SMB

Enumeration

Connection

Uainishaji wa hifadhi wa kawaida (funguo za ufikiaji, SAS...)

Kuinua Haki

Baada ya Kutekeleza

Kudumu