hacktricks-cloud/pentesting-cloud/azure-security/az-post-exploitation/az-file-share-post-exploitation.md
2024-12-12 19:35:48 +01:00

Az - File Share Post Exploitation

{% hint style="success" %} Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

File Share Privesc

For more information about file shares check:

{% content-ref url="../az-services/az-file-shares.md" %} az-file-shares.md {% endcontent-ref %}

Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read

A principal with this permission can list the files inside a file share and download them; these files might contain sensitive information.

```bash
# List files inside an Azure file share
az storage file list \
    --account-name <name> \
    --share-name <share-name> \
    --auth-mode login --enable-file-backup-request-intent

# Download a specific file
az storage file download \
    --account-name <name> \
    --share-name <share-name> \
    --path <filename-to-download> \
    --dest /path/to/down \
    --auth-mode login --enable-file-backup-request-intent
```

Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write, Microsoft.Storage/storageAccounts/fileServices/writeFileBackupSemantics/action

A principal with these permissions can write and overwrite files in file shares, which might allow them to cause damage or even escalate privileges (e.g. by overwriting code stored in a file share):

```bash
# Upload (or overwrite) a file in an Azure file share
az storage file upload \
  --account-name <acc-name> \
  --share-name <share-name> \
  --source /tmp/up.txt \
  --auth-mode login --enable-file-backup-request-intent
```

*/delete

This would allow deleting files inside the shared filesystem, which might interrupt some services or make the client lose valuable information.
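To review which role definitions hand out the data actions listed above, the following added example (not part of the original page or of any Azure tooling) evaluates `dataActions` and `notDataActions`, including wildcards, over JSON in the shape printed by `az role definition list`. The role names and sample data are constructed, the full name of the delete action is an assumption by analogy with read and write, and role assignments and scopes are out of scope here.

```python
import re

PREFIX = "Microsoft.Storage/storageAccounts/fileServices/"
RISKY = {
    "read": PREFIX + "fileshares/files/read",
    "write": PREFIX + "fileshares/files/write",
    "write-backup-intent": PREFIX + "writeFileBackupSemantics/action",
    # Assumption: full name behind the page's "*/delete" shorthand.
    "delete": PREFIX + "fileshares/files/delete",
}

def _matches(pattern, action):
    """Azure RBAC wildcard match: '*' spans any characters, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def granted(role, action):
    """True if a permissions block allows the data action and does not exclude it."""
    for block in role.get("permissions", []):
        allowed = any(_matches(p, action) for p in block.get("dataActions", []))
        denied = any(_matches(p, action) for p in block.get("notDataActions", []))
        if allowed and not denied:
            return True
    return False

def audit(roles):
    """Map role name -> sorted labels of the file share data actions it grants."""
    findings = {}
    for role in roles:
        hits = sorted(k for k, action in RISKY.items() if granted(role, action))
        if hits:
            findings[role["roleName"]] = hits
    return findings

# Constructed sample roles (hypothetical names), same shape as the CLI output.
SAMPLE_ROLES = [
    {"roleName": "example-share-reader", "permissions": [
        {"dataActions": [PREFIX + "fileshares/files/read"], "notDataActions": []}]},
    {"roleName": "example-fileservices-wildcard", "permissions": [
        {"dataActions": [PREFIX + "*"], "notDataActions": ["*/delete"]}]},
    {"roleName": "example-blob-only", "permissions": [
        {"dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"],
         "notDataActions": []}]},
]

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_ROLES).items():
        print(f"{name}: {', '.join(hits)}")
```

The wildcard role is the case worth noticing: it never names a file share action explicitly, yet it grants read, write and the backup-intent write.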
