hacktricks-cloud/pentesting-cloud/azure-security/az-services/az-table-storage.md
2024-12-12 19:35:48 +01:00


# Az - Table Storage
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## Basic Information
**Azure Table Storage** is a NoSQL key-value store designed for storing large volumes of structured, non-relational data. It offers high availability, low latency, and scalability to handle large datasets efficiently. Data is organized into tables, with each entity identified by a partition key and row key, enabling fast lookups. It supports features like encryption at rest, role-based access control, and shared access signatures for secure, managed storage suitable for a wide range of applications.
There **isn't a built-in backup mechanism** for table storage.
### Keys
#### **PartitionKey**
* The **PartitionKey groups entities into logical partitions**. Entities with the same PartitionKey are stored together, which improves query performance and scalability.
* Example: In a table storing employee data, `PartitionKey` might represent a department, e.g., `"HR"` or `"IT"`.
#### **RowKey**
* The **RowKey is the unique identifier** for an entity within a partition. When combined with the PartitionKey, it ensures that each entity in the table has a globally unique identifier.
* Example: For the `"HR"` partition, `RowKey` might be an employee ID, e.g., `"12345"`.
#### **Other Properties (Custom Properties)**
* Besides the PartitionKey and RowKey, an entity can have additional **custom properties to store data**. These are user-defined and act like columns in a traditional database.
* Properties are stored as **key-value pairs**.
* Example: `Name`, `Age`, `Title` could be custom properties for an employee.
## Enumeration
```bash
# Get storage accounts
az storage account list
# List tables
az storage table list --account-name <name>
# Read table
az storage entity query \
--account-name <name> \
--table-name <t-name> \
--top 10
# Write table
az storage entity insert \
--account-name <STORAGE_ACCOUNT_NAME> \
--table-name <TABLE_NAME> \
--entity PartitionKey=<PARTITION_KEY> RowKey=<ROW_KEY> <PROPERTY_KEY>=<PROPERTY_VALUE>
# Write example
az storage entity insert \
--account-name mystorageaccount \
--table-name mytable \
--entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"
# Update row
az storage entity merge \
--account-name mystorageaccount \
--table-name mytable \
--entity PartitionKey=pk1 RowKey=rk1 Age=31
```
{% hint style="info" %}
By default the `az` CLI uses an account key to sign the request and perform the action. To use the privileges of the Entra ID principal instead, pass the parameter `--auth-mode login`.
{% endhint %}
{% hint style="success" %}
Use the parameter `--account-key` to specify the account key to use.\
Use the parameter `--sas-token` to authenticate with a SAS token instead.
{% endhint %}
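A defensive check tied to the two hints above, as an added example that is not part of the original page: it reads the JSON printed by `az storage account list` and reports which accounts with a Table endpoint still accept account-key (Shared Key) authorization, whether a key expiration policy is set, and how old the keys are. The sample accounts and dates are constructed, and the 90-day threshold is an assumption.

```python
import json
from datetime import datetime, timezone

# Constructed sample of `az storage account list -o json` output, trimmed to
# the fields used below; account names and dates are made up.
SAMPLE = json.loads("""[
 {"name": "hrdataprod", "allowSharedKeyAccess": null, "keyPolicy": null,
  "keyCreationTime": {"key1": "2022-01-10T08:00:00+00:00", "key2": "2024-11-01T08:00:00+00:00"},
  "primaryEndpoints": {"table": "https://hrdataprod.table.core.windows.net/"}},
 {"name": "financelocked", "allowSharedKeyAccess": false, "keyPolicy": null,
  "keyCreationTime": {"key1": "2021-05-01T08:00:00+00:00", "key2": "2021-05-01T08:00:00+00:00"},
  "primaryEndpoints": {"table": "https://financelocked.table.core.windows.net/"}},
 {"name": "blobonly", "allowSharedKeyAccess": true, "keyPolicy": null,
  "keyCreationTime": {"key1": null, "key2": null},
  "primaryEndpoints": {"blob": "https://blobonly.blob.core.windows.net/"}}
]""")

def audit_table_accounts(accounts, now, max_key_age_days=90):
    """Map each account that has a Table endpoint to its key-auth findings."""
    report = {}
    for acct in accounts:
        if not (acct.get("primaryEndpoints") or {}).get("table"):
            continue  # account type without the Table service
        findings = []
        # null/absent means Shared Key is permitted, so account keys and
        # key-signed SAS tokens work regardless of Entra ID role assignments.
        if acct.get("allowSharedKeyAccess") is not False:
            findings.append("shared-key-enabled")
            if not (acct.get("keyPolicy") or {}).get("keyExpirationPeriodInDays"):
                findings.append("no-key-expiration-policy")
            for key, created in sorted((acct.get("keyCreationTime") or {}).items()):
                if created is None:
                    findings.append(f"{key}-age-unknown")
                elif (now - datetime.fromisoformat(created)).days > max_key_age_days:
                    findings.append(f"{key}-older-than-{max_key_age_days}d")
        report[acct["name"]] = findings
    return report

if __name__ == "__main__":
    when = datetime(2024, 12, 12, tzinfo=timezone.utc)  # fixed for repeatable output
    for name, findings in audit_table_accounts(SAMPLE, when).items():
        print(f"{name}: {', '.join(findings) or 'shared key disabled'}")
```

To audit a real subscription, replace `SAMPLE` with `json.load(sys.stdin)` and pipe `az storage account list -o json` into the script.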
## Privilege Escalation
Same as storage privesc:
{% content-ref url="../az-privilege-escalation/az-storage-privesc.md" %}
[az-storage-privesc.md](../az-privilege-escalation/az-storage-privesc.md)
{% endcontent-ref %}
## Post Exploitation
{% content-ref url="../az-post-exploitation/az-table-storage-post-exploitation.md" %}
[az-table-storage-post-exploitation.md](../az-post-exploitation/az-table-storage-post-exploitation.md)
{% endcontent-ref %}
## Persistence
Same as storage persistence:
{% content-ref url="../az-persistence/az-storage-persistence.md" %}
[az-storage-persistence.md](../az-persistence/az-storage-persistence.md)
{% endcontent-ref %}