Update az-storage-privesc.md

2025-12-05 20:40:18 -08:00 · 2024-12-13 01:33:44 +01:00
parent 509183b030
commit b860fa520c
1 changed files with 12 additions and 0 deletions
--- a/pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md
+++ b/pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md
@@ -150,6 +150,18 @@ az storage blob undelete \
 ```
 {% endcode %}

+### Microsoft.Storage/storageAccounts/fileServices/shares/restore/action && Microsoft.Storage/storageAccounts/read
+
+With these permissions, an attacker can restore a deleted Azure file share by specifying its deleted version ID. This privilege escalation could allow an attacker to recover sensitive data that was meant to be permanently deleted, potentially leading to unauthorized access.
+
+{% code overflow="wrap" %}
+```bash
+az storage share-rm restore \
+  --storage-account <STORAGE_ACCOUNT_NAME> \
+  --name <FILE_SHARE_NAME> \
+  --deleted-version <VERSION>
+```
+{% endcode %}

 ## Other interesting looking permissions (TODO)