🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
☁️ HackTricks Cloud / Az - Blob Storage Post Exploitation

Az - Blob Storage Post Exploitation

{{#include ../../../banners/hacktricks-training.md}}

Storage Privesc

For more information about storage check:

{{#ref}}
../az-services/az-storage.md
{{#endref}}

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read

A principal with this permission will be able to list the blobs (files) inside a container and download the files which might contain sensitive information.

# e.g. Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
az storage blob list \
  --account-name <acc-name> \
  --container-name <container-name> --auth-mode login

az storage blob download \
  --account-name <acc-name> \
  --container-name <container-name> \
  -n file.txt --auth-mode login

Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write

A principal with this permission will be able to write and overwrite files in containers which might allow him to cause some damage or even escalate privileges (e.g. overwrite some code stored in a blob):

# e.g. Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write
az storage blob upload \
  --account-name <acc-name> \
  --container-name <container-name> \
  --file /tmp/up.txt --auth-mode login --overwrite

*/delete

This would allow to delete objects inside the storage account which might interrupt some services or make the client lose valuable information.

{{#include ../../../banners/hacktricks-training.md}}