-
Notifications
You must be signed in to change notification settings - Fork 258
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #114 from JaimePolop/patch-15
Create az-queue-persistance.md
- Loading branch information
Showing
1 changed file
with
69 additions
and
0 deletions.
There are no files selected for viewing
69 changes: 69 additions & 0 deletions
69
pentesting-cloud/azure-security/az-persistence/az-queue-persistance.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| # Az - Queue Persistance | ||
|
|
||
| {% hint style="success" %} | ||
| Learn & practice AWS Hacking:<img src="../../.gitbook/assets/image (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/image (1) (1).png" alt="" data-size="line">\ | ||
| Learn & practice GCP Hacking: <img src="../../.gitbook/assets/image (2).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/image (2).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte) | ||
|
|
||
| <details> | ||
|
|
||
| <summary>Support HackTricks</summary> | ||
|
|
||
| * Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! | ||
| * **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** | ||
| * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. | ||
|
|
||
| </details> | ||
| {% endhint %} | ||
|
|
||
| ## Queue | ||
|
|
||
| For more information check: | ||
|
|
||
| {% content-ref url="../az-services/az-queue-enum.md" %} | ||
| [az-queue-enum.md](../az-services/az-queue-enum.md) | ||
| {% endcontent-ref %} | ||
|
|
||
|
|
||
|
|
||
| ### Actions: `Microsoft.Storage/storageAccounts/queueServices/queues/write` | ||
|
|
||
| This permission allows an attacker to create or modify queues and their properties within the storage account. It can be used to create unauthorized queues, modify metadata, or change access control lists (ACLs) to grant or restrict access. This capability could disrupt workflows, inject malicious data, exfiltrate sensitive information, or manipulate queue settings to enable further attacks. | ||
|
|
||
| {% code overflow="wrap" %} | ||
| ```bash | ||
| az storage queue create --name <new-queue-name> --account-name <storage-account> | ||
|
|
||
| az storage queue metadata update --name <queue-name> --metadata key1=value1 key2=value2 --account-name <storage-account> | ||
|
|
||
| az storage queue policy set --name <queue-name> --permissions rwd --expiry 2024-12-31T23:59:59Z --account-name <storage-account> | ||
| ``` | ||
| {% endcode %} | ||
|
|
||
| ### Actions: `Microsoft.Storage/storageAccounts/queueServices/queues/setAcl/action` | ||
|
|
||
| With this permission, an attacker can modify the access control list (ACL) of an Azure Storage Queue, which can be used with shared access signatures. This enables the attacker to grant themselves or other malicious users persistent access to the queue, even if legitimate access credentials are revoked. By maintaining unauthorized access, they could continuously monitor, manipulate, or exfiltrate data, ensuring their presence remains undetected and workflows are disrupted over time. | ||
|
|
||
| {% code overflow="wrap" %} | ||
| ```bash | ||
| az storage queue policy create \ | ||
| --queue-name <QUEUE_NAME> \ | ||
| --account-name <STORAGE_ACCOUNT_NAME> \ | ||
| --account-key <STORAGE_ACCOUNT_KEY> \ | ||
| --name <POLICY_NAME> \ | ||
| --permission <PERMISSIONS> \ | ||
| --start <START_TIME> \ | ||
| --expiry <EXPIRY_TIME> | ||
| ``` | ||
|
|
||
| ## References | ||
|
|
||
| * https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues | ||
| * https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api | ||
| * https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes | ||
|
|
||
| * Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! | ||
| * **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** | ||
| * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. | ||
|
|
||
| </details> | ||
| {% endhint %} |