Scanning For Public Azure Containers using gobuster and ffuf

 Uncategorized  Add comments
Jan 112022
 

Scanning for public storage accounts in Azure is pretty fast using ffuf (and gobuster, but much faster in ffuf):

gobuster fuzz -u "https://TARGET.blob.core.windows.net/FUZZ/?restype=container&comp=list" -b 404,400 -w /usr/share/wordlists/dirb/big.txt

and

ffuf -u "https://TARGET.blob.core.windows.net/CONTAINERNAME/FUZZ/?restype=container&comp=list" -fc 400,404,403 -w /usr/share/wordlists/dirb/big.txt -t 100 -timeout 30 -v

The 400 and 404 will be not existing. 403 when ACL is active. 200 when public.

Example results gobuster:


Found: [Status=200] [Length=635] https://TARGET.blob.core.windows.net/backup/?restype=container&comp=list

Example results ffuf:
[Status: 200, Size: 635, Words: 13, Lines: 1, Duration: 15ms]
| URL | https://TARGET.blob.core.windows.net/backup/?restype=container&comp=list
    * FUZZ: backup

The directory content can be checked using `curl https://TARGET.blob.core.windows.net/backup/?restype=container&comp=list` and then files can be downloaded using curl as well.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)