# Az - Queue Storage Persistence

{{#include ../../../banners/hacktricks-training.md}}

## Queue

For more information check:

{{#ref}}
../az-services/az-queue-enum.md
{{#endref}}

### Actions: `Microsoft.Storage/storageAccounts/queueServices/queues/write`

This permission allows an attacker to create or modify queues and their properties within the storage account. It can be used to create unauthorized queues, modify metadata, or change access control lists (ACLs) to grant or restrict access. This capability could disrupt workflows, inject malicious data, exfiltrate sensitive information, or manipulate queue settings to enable further attacks.

```bash
az storage queue create --name <new-queue-name> --account-name <storage-account>

az storage queue metadata update --name <queue-name> --metadata key1=value1 key2=value2 --account-name <storage-account>

az storage queue policy set --name <queue-name> --permissions rwd --expiry 2024-12-31T23:59:59Z --account-name <storage-account>
```

## References

- [https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues](https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues)
- [https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api](https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api)
- [https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes](https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes)

{{#include ../../../banners/hacktricks-training.md}}