# Az - Queue Storage

{{#include ../../../banners/hacktricks-training.md}}

## Informazioni di base

Azure Queue Storage è un servizio nella piattaforma cloud Azure di Microsoft progettato per la messaggistica tra i componenti dell'applicazione, **abilitando comunicazione asincrona e disaccoppiamento**. Consente di memorizzare un numero illimitato di messaggi, ciascuno fino a 64 KB di dimensione, e supporta operazioni come la creazione e la cancellazione di code, l'aggiunta, il recupero, l'aggiornamento e la cancellazione di messaggi, oltre alla gestione dei metadati e delle politiche di accesso. Sebbene elabori tipicamente i messaggi in un ordine first-in-first-out (FIFO), la FIFO rigorosa non è garantita.

### Enumerazione

{{#tabs }}
{{#tab name="Az Cli" }}
```bash
# You need to know the --account-name of the storage (az storage account list)
az storage queue list --account-name <storage_account> # --auth-mode login

# Queue Metadata
az storage queue metadata show --name <queue_name> --account-name <storage_account> # --auth-mode login

#Get ACL
az storage queue policy list --queue-name <queue_name> --account-name <storage_account> # --auth-mode login

# Get Messages (getting a message deletes it)
az storage message get --queue-name <queue_name> --account-name <storage_account> # --auth-mode login

# Peek Messages
az storage message peek --queue-name <queue_name> --account-name <storage_account> # --auth-mode login
```
{{#endtab }}

{{#tab name="Az PS" }}
```bash
# Get the Storage Context
$storageAccount = Get-AzStorageAccount -ResourceGroupName QueueResourceGroup -Name queuestorageaccount1994
$ctx = $storageAccount.Context

# Set Variables for Storage Account
$storageAccountName = "queuestorageaccount"

# List Queues
Get-AzStorageQueue -Context $context
$queueName = "myqueue"

# Retrieve a specific queue
$queue = Get-AzStorageQueue -Name $queueName -Context $context
$queue # Show the properties of the queue

# Retrieve the access policies for the queue
$accessPolicies = Get-AzStorageQueueStoredAccessPolicy -Context $context -QueueName $queueName
$accessPolicies

# Peek Messages
$queueMessage = $queue.QueueClient.PeekMessage()
$queueMessage.Value

# Set the amount of time you want to entry to be invisible after read from the queue
# If it is not deleted by the end of this time, it will show up in the queue again
$visibilityTimeout = [System.TimeSpan]::FromSeconds(10)

# Read the messages from the queue, then show the contents of the messages.
$queueMessage = $queue.QueueClient.ReceiveMessages(1,$visibilityTimeout)
$queueMessage.Value
```
{{#endtab }}
{{#endtabs }}

### Escalation dei privilegi

{{#ref}}
../az-privilege-escalation/az-queue-privesc.md
{{#endref}}

### Post Exploitation

{{#ref}}
../az-post-exploitation/az-queue-post-exploitation.md
{{#endref}}

### Persistenza

{{#ref}}
../az-persistence/az-queue-persistance.md
{{#endref}}

## Riferimenti

- [https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues](https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues)
- [https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api](https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api)
- [https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes](https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes)

{{#include ../../../banners/hacktricks-training.md}}