Jan 112022

Scanning for public storage accounts in Azure is pretty fast using ffuf (and gobuster, but much faster in ffuf):

gobuster fuzz -u "https://TARGET.blob.core.windows.net/FUZZ/?restype=container&comp=list" -b 404,400 -w /usr/share/wordlists/dirb/big.txt


ffuf -u "https://TARGET.blob.core.windows.net/CONTAINERNAME/FUZZ/?restype=container&comp=list" -fc 400,404,403 -w /usr/share/wordlists/dirb/big.txt -t 100 -timeout 30 -v

The 400 and 404 will be not existing. 403 when ACL is active. 200 when public.

Example results gobuster:

Found: [Status=200] [Length=635] https://TARGET.blob.core.windows.net/backup/?restype=container&comp=list

Example results ffuf:
[Status: 200, Size: 635, Words: 13, Lines: 1, Duration: 15ms]
| URL | https://TARGET.blob.core.windows.net/backup/?restype=container&comp=list
    * FUZZ: backup

The directory content can be checked using `curl https://TARGET.blob.core.windows.net/backup/?restype=container&comp=list` and then files can be downloaded using curl as well.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>