# Az - Table Storage Post Exploitation

{{#include ../../../banners/hacktricks-training.md}}

## Table Storage Post Exploitation

For more information about table storage check:

{{#ref}}
../az-services/az-table-storage.md
{{#endref}}

### Microsoft.Storage/storageAccounts/tableServices/tables/entities/read

A principal with this permission will be able to **list** the tables inside a table storage and **read the info** which might contain **sensitive information**.

```bash
# List tables
az storage table list --auth-mode login --account-name <name>

# Read table (top 10)
az storage entity query \
    --account-name <name> \
    --table-name <t-name> \
    --auth-mode login \
    --top 10
```

### Microsoft.Storage/storageAccounts/tableServices/tables/entities/write | Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action | Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action

A principal with this permission will be able to **write and overwrite entries in tables** which might allow him to cause some damage or even escalate privileges (e.g. overwrite some trusted data that could abuse some injection vulnerability in the app using it).

- The permission `Microsoft.Storage/storageAccounts/tableServices/tables/entities/write` allows all the actions.
- The permission `Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action` allows to **add** entries
- The permission `Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action` allows to **update** existing entries

```bash
# Add
az storage entity insert \
  --account-name <acc-name> \
  --table-name <t-name> \
  --auth-mode login \
  --entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"

# Replace
az storage entity replace \
  --account-name <acc-name> \
  --table-name <t-name> \
  --auth-mode login \
  --entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"

# Update
az storage entity merge \
  --account-name <acc-name> \
  --table-name <t-name> \
  --auth-mode login \
  --entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"
```

### \*/delete

This would allow to delete file inside the shared filesystem which might **interrupt some services** or make the client **lose valuable information**.

{{#include ../../../banners/hacktricks-training.md}}