Translated ['src/pentesting-cloud/azure-security/az-persistence/az-queue

2026-01-15 06:13:16 -08:00 · 2025-02-20 00:55:22 +00:00
parent 2acd657e33
commit c70ee455d0
10 changed files with 78 additions and 46 deletions
--- a/src/pentesting-cloud/azure-security/az-services/az-queue.md
+++ b/src/pentesting-cloud/azure-security/az-services/az-queue.md
@@ -0,0 +1,91 @@
+# Az - Queue Storage
+
+{{#include ../../../banners/hacktricks-training.md}}
+
+## Basiese Inligting
+
+Azure Queue Storage is 'n diens in Microsoft se Azure wolkplatform wat ontwerp is vir boodskapkwotering tussen toepassingskomponente, **wat asynchrone kommunikasie en ontkoppeling moontlik maak**. Dit stel jou in staat om 'n onbeperkte aantal boodskappe te stoor, elk tot 64 KB in grootte, en ondersteun operasies soos die skep en verwyder van kwotasies, die toevoeging, opvraging, opdatering en verwydering van boodskappe, sowel as die bestuur van metadata en toegangbeleide. Terwyl dit tipies boodskappe in 'n eerste-in-eerste-uit (FIFO) manier verwerk, word strikte FIFO nie gewaarborg nie.
+
+### Enumerasie
+
+{{#tabs }}
+{{#tab name="Az Cli" }}
+```bash
+# You need to know the --account-name of the storage (az storage account list)
+az storage queue list --account-name <storage_account> # --auth-mode login
+
+# Queue Metadata
+az storage queue metadata show --name <queue_name> --account-name <storage_account> # --auth-mode login
+
+#Get ACL
+az storage queue policy list --queue-name <queue_name> --account-name <storage_account> # --auth-mode login
+
+# Get Messages (getting a message deletes it)
+az storage message get --queue-name <queue_name> --account-name <storage_account> # --auth-mode login
+
+# Peek Messages
+az storage message peek --queue-name <queue_name> --account-name <storage_account> # --auth-mode login
+```
+{{#endtab }}
+
+{{#tab name="Az PS" }}
+```bash
+# Get the Storage Context
+$storageAccount = Get-AzStorageAccount -ResourceGroupName QueueResourceGroup -Name queuestorageaccount1994
+$ctx = $storageAccount.Context
+
+# Set Variables for Storage Account
+$storageAccountName = "queuestorageaccount"
+
+# List Queues
+Get-AzStorageQueue -Context $context
+$queueName = "myqueue"
+
+# Retrieve a specific queue
+$queue = Get-AzStorageQueue -Name $queueName -Context $context
+$queue # Show the properties of the queue
+
+# Retrieve the access policies for the queue
+$accessPolicies = Get-AzStorageQueueStoredAccessPolicy -Context $context -QueueName $queueName
+$accessPolicies
+
+# Peek Messages
+$queueMessage = $queue.QueueClient.PeekMessage()
+$queueMessage.Value
+
+# Set the amount of time you want to entry to be invisible after read from the queue
+# If it is not deleted by the end of this time, it will show up in the queue again
+$visibilityTimeout = [System.TimeSpan]::FromSeconds(10)
+
+# Read the messages from the queue, then show the contents of the messages.
+$queueMessage = $queue.QueueClient.ReceiveMessages(1,$visibilityTimeout)
+$queueMessage.Value
+```
+{{#endtab }}
+{{#endtabs }}
+
+### Privilege Escalation
+
+{{#ref}}
+../az-privilege-escalation/az-queue-privesc.md
+{{#endref}}
+
+### Post Exploitation
+
+{{#ref}}
+../az-post-exploitation/az-queue-post-exploitation.md
+{{#endref}}
+
+### Persistence
+
+{{#ref}}
+../az-persistence/az-queue-persistance.md
+{{#endref}}
+
+## References
+
+- [https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues](https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues)
+- [https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api](https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api)
+- [https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes](https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes)
+
+{{#include ../../../banners/hacktricks-training.md}}