GITBOOK-711: No subject

SUMMARY.md

@@ -406,6 +406,7 @@
       * [Az - State Configuration RCE](pentesting-cloud/azure-security/az-services/az-automation-account/az-state-configuration-rce.md)
     * [Az - Azure App Service & Function Apps](pentesting-cloud/azure-security/az-services/az-azure-app-service.md)
     * [Az - Storage](pentesting-cloud/azure-security/az-services/az-storage.md)
+    * [Az - File Shares](pentesting-cloud/azure-security/az-services/az-file-shares.md)
     * [Az - Intune](pentesting-cloud/azure-security/az-services/intune.md)
     * [Az - Key Vault](pentesting-cloud/azure-security/az-services/keyvault.md)
     * [Az - Logic Apps](pentesting-cloud/azure-security/az-services/az-logic-apps.md)
@@ -432,6 +433,8 @@
     * [Az - Primary Refresh Token (PRT)](pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/az-primary-refresh-token-prt.md)
   * [Az - Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/README.md)
     * [Az - Key Vault Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-key-vault-post-exploitation.md)
+    * [Az - File Share Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-file-share-post-exploitation.md)
+    * [Az - Blob Storage Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation/az-blob-storage-post-exploitation.md)
   * [Az - Privilege Escalation](pentesting-cloud/azure-security/az-privilege-escalation/README.md)
     * [Az - Authorization Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-authorization-privesc.md)
     * [Az - Storage Privesc](pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md)
@@ -442,8 +445,6 @@
   * [Az - Entra ID (formerly AzureAD - AAD)](pentesting-cloud/azure-security/az-azuread/README.md)
     * [Az - Conditional Access Policies / MFA Bypass](pentesting-cloud/azure-security/az-azuread/az-conditional-access-policies-mfa-bypass.md)
     * [Az - Dynamic Groups Privesc](pentesting-cloud/azure-security/az-azuread/dynamic-groups.md)
-  * [Az - Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation-1/README.md)
-    * [Az - Storage Post Exploitation](pentesting-cloud/azure-security/az-post-exploitation-1/az-storage-post-exploitation.md)
 * [Digital Ocean Pentesting](pentesting-cloud/digital-ocean-pentesting/README.md)
   * [DO - Basic Information](pentesting-cloud/digital-ocean-pentesting/do-basic-information.md)
   * [DO - Permissions for a Pentest](pentesting-cloud/digital-ocean-pentesting/do-permissions-for-a-pentest.md)

pentesting-cloud/azure-security/az-post-exploitation-1/az-storage-post-exploitation.md → pentesting-cloud/azure-security/az-post-exploitation/az-blob-storage-post-exploitation.md

@@ -1,4 +1,4 @@
-# Az - Storage Post Exploitation
+# Az - Blob Storage Post Exploitation
 
 {% hint style="success" %}
 Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="line">\
@@ -23,9 +23,9 @@ For more information about storage check:
 [az-storage.md](../az-services/az-storage.md)
 {% endcontent-ref %}
 
-### Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read | Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read | Microsoft.Storage/storageAccounts/queueServices/queues/messages/read | Microsoft.Storage/storageAccounts/tableServices/tables/entities/read
+### Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
 
-A principal with one of those permissions will be able to **list** the allowed object type (like a container in the first case) and **read** the **content** of the objects (like blobs) which might contain **sensitive information**.
+A principal with this permission will be able to **list** the blobs (files) inside a container and **download** the files which might contain **sensitive information**.
 
 ```bash
 # e.g. Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
@@ -39,9 +39,9 @@ az storage blob download \
   -n file.txt --auth-mode login
 ```
 
-### Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write | Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write | Microsoft.Storage/storageAccounts/queueServices/queues/messages/write | Microsoft.Storage/storageAccounts/tableServices/tables/entities/write
+### Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write
 
-A principal with this permission will be able to **write and overwrite the allowed objects** (like blobs in the first case) which might allow him to cause some damage or even escalate privileges (e.g. overwrite some code stored in a blob storage):
+A principal with this permission will be able to **write and overwrite files in containers** which might allow him to cause some damage or even escalate privileges (e.g. overwrite some code stored in a blob):
 
 ```bash
 # e.g. Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write

pentesting-cloud/azure-security/az-post-exploitation/az-file-share-post-exploitation.md

@@ -0,0 +1,74 @@
+# Az - File Share Post Exploitation
+
+{% hint style="success" %}
+Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+
+<details>
+
+<summary>Support HackTricks</summary>
+
+* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
+* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
+
+</details>
+{% endhint %}
+
+## File Share Privesc
+
+For more information about file shares check:
+
+{% content-ref url="../az-services/az-file-shares.md" %}
+[az-file-shares.md](../az-services/az-file-shares.md)
+{% endcontent-ref %}
+
+### Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read
+
+A principal with this permission will be able to **list** the files inside a file share and **download** the files which might contain **sensitive information**.
+
+```bash
+# List files inside an azure file share
+az storage file list \
+    --account-name <name> \
+    --share-name <share-name> \
+    --auth-mode login --enable-file-backup-request-intent
+
+# Download an specific file 
+az storage file download \
+    --account-name <name> \
+    --share-name <share-name> \
+    --path <filename-to-download> \
+    --dest /path/to/down \
+    --auth-mode login --enable-file-backup-request-intent
+```
+
+### Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write
+
+A principal with this permission will be able to **write and overwrite files in file shares** which might allow him to cause some damage or even escalate privileges (e.g. overwrite some code stored in a file share):
+
+```bash
+az storage blob upload \
+  --account-name <acc-name> \
+  --container-name <container-name> \
+  --file /tmp/up.txt --auth-mode login --overwrite
+```
+
+### \*/delete
+
+This would allow to delete file inside the shared filesystem which might **interrupt some services** or make the client **lose valuable information**.
+
+{% hint style="success" %}
+Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="line">\
+Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
+
+<details>
+
+<summary>Support HackTricks</summary>
+
+* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
+* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
+
+</details>
+{% endhint %}

pentesting-cloud/azure-security/az-privilege-escalation/az-storage-privesc.md

@@ -55,6 +55,8 @@ az storage account update --name <acc-name> --add networkRuleSet.ipRules value=<
 ```
 {% endcode %}
 
+## Blobs Specific privesc
+
 ### Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/write | Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/delete
 
 The first permission allows to **modify immutability policies** in containers and the second to delete them.
@@ -76,15 +78,26 @@ az storage container immutability-policy update \
   --period <NEW_RETENTION_PERIOD_IN_DAYS>
 ```
 
-### Other interesting looking permissions (TODO)
+## File shares specific privesc
+
+### Microsoft.Storage/storageAccounts/fileServices/takeOwnership/action
+
+This should allow a user having this permission to be able to take the ownership of files inside the shared filesystem.
+
+### Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action
+
+This should allow a user having this permission to be able to modify the permissions files inside the shared filesystem.
+
+### Microsoft.Storage/storageAccounts/fileServices/fileshares/files/actassuperuser/action
+
+This should allow a user having this permission to be able to perform actions inside a file system as a superuser.
+
+## Other interesting looking permissions (TODO)
 
 * Microsoft.Storage/storageAccounts/blobServices/containers/blobs/manageOwnership/action: Changes ownership of the blob
 * Microsoft.Storage/storageAccounts/blobServices/containers/blobs/modifyPermissions/action: Modifies permissions of the blob
 * Microsoft.Storage/storageAccounts/blobServices/containers/blobs/runAsSuperUser/action: Returns the result of the blob command
 * Microsoft.Storage/storageAccounts/blobServices/containers/blobs/immutableStorage/runAsSuperUser/action
-* Microsoft.Storage/storageAccounts/fileServices/takeOwnership/action: File Take Ownership Privilege
-* Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action: Returns the result of modifying permission on a file/folder
-* Microsoft.Storage/storageAccounts/fileServices/fileshares/files/actassuperuser/action: Get File Admin Privileges
 
 ## References