hacktricks-cloud/pentesting-cloud/azure-security/az-services/az-queue-enum.md
2024-12-12 19:35:48 +01:00

Az - Queue Storage

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

Basic Information

Azure Queue Storage is a service in Microsoft's Azure cloud platform designed for message queuing between application components, enabling asynchronous communication and decoupling. It allows you to store an unlimited number of messages, each up to 64 KB in size, and supports operations such as creating and deleting queues, adding, retrieving, updating, and deleting messages, as well as managing metadata and access policies. While it typically processes messages in a first-in-first-out (FIFO) manner, strict FIFO is not guaranteed.

Enumeration

{% tabs %} {% tab title="Az Cli" %}

```bash
# You need to know the --account-name of the storage (az storage account list)
az storage queue list --account-name <storage_account>

# Queue Metadata
az storage queue metadata show --name <queue_name> --account-name <storage_account>

# Get ACL (stored access policies)
az storage queue policy list --queue-name <queue_name> --account-name <storage_account>

# Get Messages (dequeues: the message is hidden from other consumers for the
# visibility timeout and shows up in the queue again unless it is deleted)
az storage message get --queue-name <queue_name> --account-name <storage_account>

# Peek Messages (read-only, does not change message visibility)
az storage message peek --queue-name <queue_name> --account-name <storage_account>
```

{% endtab %}

{% tab title="Az PS" %}

```powershell
# Get the Storage Context
$storageAccount = Get-AzStorageAccount -ResourceGroupName QueueResourceGroup -Name queuestorageaccount1994
$ctx = $storageAccount.Context

# Set Variables for Storage Account
$storageAccountName = "queuestorageaccount"

# List Queues
Get-AzStorageQueue -Context $ctx

# Retrieve a specific queue
$queueName = "myqueue"
$queue = Get-AzStorageQueue -Name $queueName -Context $ctx
$queue # Show the properties of the queue

# Retrieve the access policies for the queue
$accessPolicies = Get-AzStorageQueueStoredAccessPolicy -Context $ctx -QueueName $queueName
$accessPolicies

# Peek Messages
$queueMessage = $queue.QueueClient.PeekMessage()
$queueMessage.Value

# Set how long the entry should stay invisible after it is read from the queue
# If it is not deleted by the end of this time, it will show up in the queue again
$visibilityTimeout = [System.TimeSpan]::FromSeconds(10)

# Read the messages from the queue, then show the contents of the messages.
$queueMessage = $queue.QueueClient.ReceiveMessages(1,$visibilityTimeout)
$queueMessage.Value
```

{% endtab %} {% endtabs %}
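The difference between peeking and getting a message in the commands above, shown as an added example (not HackTricks or Azure SDK code): a simplified in-memory Python model of the visibility timeout, showing that a peek leaves the queue untouched while a get hides the message from the application's consumers and raises its dequeue count. `QueueModel`, `Message` and `demo` are hypothetical names, the clock is simulated, and returning a reappearing message to its original position is an assumption of the model.

```python
import uuid
from dataclasses import dataclass, field

@dataclass
class Message:
    id: str
    body: str
    next_visible: float = 0.0  # simulated time at which the message is visible again
    dequeue_count: int = 0
    pop_receipt: str = field(default_factory=lambda: str(uuid.uuid4()))

class QueueModel:
    """Simplified in-memory model of visibility semantics; not the Azure SDK."""
    def __init__(self):
        self.now = 0.0  # simulated clock in seconds
        self.messages = []

    def put(self, body):
        self.messages.append(Message(id=str(uuid.uuid4()), body=body))

    def _visible(self):
        return [m for m in self.messages if m.next_visible <= self.now]

    def peek(self, count=1):
        # Read-only: visibility and dequeue_count are left untouched
        return [m.body for m in self._visible()[:count]]

    def receive(self, count=1, visibility_timeout=30):
        # Hides each returned message and issues the pop receipt needed to delete it
        got = self._visible()[:count]
        for m in got:
            m.next_visible = self.now + visibility_timeout
            m.dequeue_count += 1
            m.pop_receipt = str(uuid.uuid4())
        return got

    def delete(self, msg_id, pop_receipt):
        # Deletion only succeeds with the receipt from the latest receive
        before = len(self.messages)
        self.messages = [m for m in self.messages if (m.id, m.pop_receipt) != (msg_id, pop_receipt)]
        return len(self.messages) < before

def demo():
    q = QueueModel()
    q.put("order-1"); q.put("order-2")         # constructed sample messages
    before = q.peek(2)
    msg = q.receive(1, visibility_timeout=10)[0]
    hidden = q.peek(2)                         # order-1 is now invisible to consumers
    q.now += 10                                # timeout passes without a delete
    return before, hidden, q.peek(2), msg.dequeue_count
```

During an assessment, a raised dequeue count or a delayed message is the trace a get leaves behind, which is why peek is the safer choice for read-only enumeration.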

Privilege Escalation

{% content-ref url="../az-privilege-escalation/az-queue-privesc.md" %} az-queue-privesc.md {% endcontent-ref %}

Post Exploitation

{% content-ref url="../az-post-exploitation/az-queue-post-exploitation.md" %} az-queue-post-exploitation.md {% endcontent-ref %}

Persistence

{% content-ref url="../az-persistence/az-queue-persistance.md" %} az-queue-persistance.md {% endcontent-ref %}
