Gathering Azure Storage Keys

What is Azure Storage?

Azure Storage is a Microsoft based cloud storage service, that provides highly available, scalable and redundant storage, at a fraction of the cost and different storage offerings such as tables, blobs, file storage and queues.

Access Keys

By default, every storage account has two keys that provide full access to its data. They are called the primary key and the secondary key, although they both provide the same level of access.

To view these keys, we have to browse the Azure Portal as can be seen from below image.

The access keys are accessible to the Azure administrator by browsing to the storage account settings.

If the attacker gets these keys, he/she can able to get the full access of the storage account.

So, In this blog, we can see how to get the keys using Get-AzurePasswords module within MicroBurst

What is MicroBurst?

MicroBurst is a PowerShell toolkit for attacking azure includes functions and scripts that support Azure Services discovery, weak configuration auditing, and post exploitation actions such as credential dumping. It is available in github. It is intended to be used during penetration tests where Azure is in use.

Once downloaded the tool, we can see the Get-AzurePassword module is available in the AzureRM folder.

Get-AzurePasswords Module

How to exploit?

Step 1: Import the MicroBurst Module

Step 2: Login to the Azure Account

Step 3: Gather Keys

References:

Azure Storage documentation

A Beginners Guide to Gathering Azure Passwords

MicroBurst Archives - NetSPI Blog