gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-29 14:13:20 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
8ea0f4a3f1d6b8a82f9271a63fb09aedbc937f97
hacktricks-cloud/src/pentesting-cloud/azure-security/az-post-exploitation/az-table-storage-post-exploitation.md
Carlos Polop 4ef00e6b1b translate fix
2025-01-01 23:55:17 +01:00

2.3 KiB
Raw Blame History

Az - Table Storage Post Exploitation

{{#include ../../../banners/hacktricks-training.md}}

Table Storage Post Exploitation

For more information about table storage check:

{{#ref}} ../az-services/az-table-storage.md {{#endref}}

Microsoft.Storage/storageAccounts/tableServices/tables/entities/read

A principal with this permission will be able to list the tables inside a table storage and read the info which might contain sensitive information.

# List tables
az storage table list --auth-mode login --account-name <name>

# Read table (top 10)
az storage entity query \
    --account-name <name> \
    --table-name <t-name> \
    --auth-mode login \
    --top 10

Microsoft.Storage/storageAccounts/tableServices/tables/entities/write | Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action | Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action

A principal with this permission will be able to write and overwrite entries in tables which might allow him to cause some damage or even escalate privileges (e.g. overwrite some trusted data that could abuse some injection vulnerability in the app using it).

  • The permission Microsoft.Storage/storageAccounts/tableServices/tables/entities/write allows all the actions.
  • The permission Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action allows to add entries
  • The permission Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action allows to update existing entries
# Add
az storage entity insert \
  --account-name <acc-name> \
  --table-name <t-name> \
  --auth-mode login \
  --entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"

# Replace
az storage entity replace \
  --account-name <acc-name> \
  --table-name <t-name> \
  --auth-mode login \
  --entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"

# Update
az storage entity merge \
  --account-name <acc-name> \
  --table-name <t-name> \
  --auth-mode login \
  --entity PartitionKey=HR RowKey=12345 Name="John Doe" Age=30 Title="Manager"

*/delete

This would allow to delete file inside the shared filesystem which might interrupt some services or make the client lose valuable information.

{{#include ../../../banners/hacktricks-training.md}}

Reference in New Issue View Git Blame Copy Permalink