adminze

Jan 112022
 

Scanning for public storage accounts in Azure is pretty fast using ffuf (and gobuster, but much faster in ffuf):

gobuster fuzz -u "https://TARGET.blob.core.windows.net/FUZZ/?restype=container&comp=list" -b 404,400 -w /usr/share/wordlists/dirb/big.txt

and

ffuf -u "https://TARGET.blob.core.windows.net/CONTAINERNAME/FUZZ/?restype=container&comp=list" -fc 400,404,403 -w /usr/share/wordlists/dirb/big.txt -t 100 -timeout 30 -v

The 400 and 404 will be not existing. 403 when ACL is active. 200 when public.

Example results gobuster:


Found: [Status=200] [Length=635] https://TARGET.blob.core.windows.net/backup/?restype=container&comp=list

Example results ffuf:
[Status: 200, Size: 635, Words: 13, Lines: 1, Duration: 15ms]
| URL | https://TARGET.blob.core.windows.net/backup/?restype=container&comp=list
    * FUZZ: backup

The directory content can be checked using `curl https://TARGET.blob.core.windows.net/backup/?restype=container&comp=list` and then files can be downloaded using curl as well.