Update az-storage.md

2026-03-12 21:22:57 -07:00 · 2026-01-13 15:55:00 +01:00
parent c86885ebe6
commit ce30a61d98
1 changed files with 0 additions and 7 deletions
--- a/src/pentesting-cloud/azure-security/az-services/az-storage.md
+++ b/src/pentesting-cloud/azure-security/az-services/az-storage.md
@@ -82,13 +82,6 @@ az storage blob list --container-name '$web' --account-name <acc-name> --auth-mo
 az storage blob download -c '$web' --name iac/terraform.tfvars --file /dev/stdout --account-name <acc-name> --auth-mode login
 ```

- Inspect downloaded files for leaked **SAS tokens** or credentials. SAS params show scope and risk: `sv` (API version), `ss` (services like blob `b`), `srt` (resource types `s`/`c`/`o`), `sp` (permissions such as `r`/`l`/`a`/`c`/`w`/`d`/`x`), `se` (expiry), and `sig` (signature). A wide `sp` set plus far-future `se` indicates a long-lived bearer credential that enables read/list/write/delete until revoked.
- Abuse a recovered SAS immediately, for example:
-
-```bash
-az storage blob list --account-name <acc-name> --container-name <target-container> --sas-token "<sv=...&ss=...&srt=...&sp=...&se=...&sig=...>"
-```
-
 ### Connect to Storage

 If you find any **storage** you can connect to you could use the tool [**Microsoft Azure Storage Explorer**](https://azure.microsoft.com/es-es/products/storage/storage-explorer/) to do so.