# Azure Blob Storage

Blob storage is used to store unstructured data (like files, videos, audio, etc.). There are three types of resources in blob storage:

1. Storage account - Unique namespace across Azure (can be accessed over HTTP and HTTPS)
2. Container in the storage account (may be multiple in a storage account) also known as the 'Folders' in the storage account
3. Blob in a container - Stores data. Three types of blobs - Block, append and page blobs.

<figure><img src="https://3347686964-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu7zwkkeRzjx9PZGhfY9D%2Fuploads%2FBhWEkE74o4H1VcEGigvi%2Fblob1.png?alt=media&#x26;token=5d1f9f73-04ae-4333-860a-ce645349c7fc" alt=""><figcaption></figcaption></figure>

### Storage account endpoints

A storage account has globally unique endpoints (`<name>.blob.core.windows.net`, `<name>.file.core.windows.net`, `<name>.queue.core.windows.net`, `<name>.table.core.windows.net`). Because the namespace is global, the endpoints are also useful for enumeration: guessing storage account names and checking which ones resolve in DNS reveals accounts that exist, without any Azure credentials:

<figure><img src="https://3347686964-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu7zwkkeRzjx9PZGhfY9D%2Fuploads%2F3A7IYNpVl4lWb90IYOUg%2Fimage.png?alt=media&#x26;token=17ba50b4-50ab-45c3-afc6-41ffed98d541" alt=""><figcaption></figcaption></figure>

### Storage Account Access

Storage accounts support Azure RBAC. For example, the 'Storage Blob Data Reader' role allows an identity to read blob data inside the storage account. In addition, every storage account has two `Access keys`; anyone holding a key has full control over all data in the account, independent of RBAC.

{% hint style="info" %}
Access keys are not rotated by default; a leaked key stays valid until someone regenerates it.
{% endhint %}

### Anonymous access

By default, anonymous (public) access is not allowed for storage accounts. If it is enabled on the account and a container's public access level is set to `Blob`, anyone can read individual blobs whose names they know; the `Container` level additionally lets them list the container's contents. We can enumerate publicly accessible accounts and containers using MicroBurst:

```powershell
Invoke-EnumerateAzureBlobs -Base x
Found Storage Account -  xcodebackup.blob.core.windows.net
Found Storage Account -  xcommon.blob.core.windows.net
```
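What `Invoke-EnumerateAzureBlobs` does with the `-Base` keyword is essentially a wordlist attack on the global DNS namespace: append and prepend permutations, resolve each candidate under the service zone, and keep the names that exist. The following is an added example, not MicroBurst's code or anything from the original page; the suffix list is a small constructed stand-in for MicroBurst's wordlist, and the resolver is injectable so the logic can be exercised without network access.

```python
"""Storage account name enumeration over DNS (the idea behind
Invoke-EnumerateAzureBlobs). Added example; PERMUTATIONS is a small
constructed stand-in for MicroBurst's wordlist."""
import socket
from typing import Callable, Iterable

PERMUTATIONS = ["", "backup", "common", "dev", "prod", "data", "logs", "files"]

# Each storage service has its own public-cloud DNS zone.
ENDPOINTS = {
    "blob": "blob.core.windows.net",
    "file": "file.core.windows.net",
    "queue": "queue.core.windows.net",
    "table": "table.core.windows.net",
}

_ALLOWED = set("abcdefghijklmnopqrstuvwxyz0123456789")


def valid_account_name(name: str) -> bool:
    """Storage account names are 3-24 chars, lowercase letters and digits only."""
    return 3 <= len(name) <= 24 and all(c in _ALLOWED for c in name)


def candidate_names(base: str, perms: Iterable[str] = PERMUTATIONS) -> list:
    """base+suffix and suffix+base for every permutation, skipping invalid names and duplicates."""
    out = []
    for p in perms:
        for cand in (base + p, p + base):
            if valid_account_name(cand) and cand not in out:
                out.append(cand)
    return out


def dns_resolves(host: str) -> bool:
    """True if the name resolves. Storage endpoints are CNAMEs, so any existing
    account resolves; unused names return NXDOMAIN."""
    try:
        socket.gethostbyname(host)
        return True
    except socket.gaierror:
        return False


def enumerate_accounts(base: str, service: str = "blob",
                       resolver: Callable[[str], bool] = dns_resolves,
                       perms: Iterable[str] = PERMUTATIONS) -> list:
    """Return the FQDNs under the chosen service zone that resolve."""
    zone = ENDPOINTS[service]
    hosts = (f"{name}.{zone}" for name in candidate_names(base, perms))
    return [h for h in hosts if resolver(h)]


if __name__ == "__main__":
    for host in enumerate_accounts("x"):
        print("Found Storage Account -", host)
```

A resolving name only proves that the account exists. Whether anything in it is readable anonymously is a separate check: request `https://<name>.blob.core.windows.net/<container>?restype=container&comp=list` for guessed container names and look for a 200 with an XML body rather than a 403 or 404.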

If you have found a container that allows listing blobs (files), you can list them with:

```
https://xcommon.blob.core.windows.net/backup?restype=container&comp=list
```

<figure><img src="https://3347686964-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu7zwkkeRzjx9PZGhfY9D%2Fuploads%2FEXYrGTOz5kJn3x6Jct44%2Fimage.png?alt=media&#x26;token=ee2564f0-1ab4-4ef4-817a-3fbc8d8286bb" alt=""><figcaption></figcaption></figure>

It contains a blob called `blob_client.py`; to download it, browse to

```
https://xcommon.blob.core.windows.net/backup/blob_client.py
```

<figure><img src="https://3347686964-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu7zwkkeRzjx9PZGhfY9D%2Fuploads%2FjoLK1a0Z0VmIaH9IDCah%2Fimage.png?alt=media&#x26;token=18d2db96-4373-4496-9b35-96c61ded8ad9" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Check for interesting secrets that allow access to other storage accounts
{% endhint %}

If it contains a `SAS` URL, we can use Azure Storage Explorer to connect to that container (the token's `sp=` permissions and `se=` expiry decide what it is still good for):

<figure><img src="https://3347686964-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu7zwkkeRzjx9PZGhfY9D%2Fuploads%2FZYeoyJy3klt8RL6jJk76%2Fimage.png?alt=media&#x26;token=1f591722-6b87-4da2-958e-cf917f9640fd" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3347686964-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fu7zwkkeRzjx9PZGhfY9D%2Fuploads%2FBZyDTS8cNikgwfJ5xGnP%2Fimage.png?alt=media&#x26;token=f8604ab3-e5cd-4a6d-ac0d-0ea8bf6cdceb" alt=""><figcaption></figcaption></figure>
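Before pasting a leaked SAS URL into Storage Explorer it is worth reading the token: which account and container it is bound to, what it permits, and whether it has already expired. The following is an added example, not from the original page; the URL and its signature are constructed, and `inspect_sas` is a hypothetical helper name.

```python
"""Inspect a leaked SAS URL: scope, permissions and validity window.
Added example; SAMPLE_SAS is constructed."""
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# Permission letters that can appear in the sp= field of a SAS token.
PERMISSIONS = {
    "r": "read", "a": "add", "c": "create", "w": "write", "d": "delete",
    "x": "delete-version", "y": "permanent-delete", "l": "list", "t": "tag",
    "f": "find", "m": "move", "e": "execute", "o": "ownership",
    "p": "permissions", "i": "set-immutability-policy",
}

# sr= values of a service SAS; an account SAS uses ss= and srt= instead.
RESOURCES = {"b": "blob", "c": "container", "d": "directory",
             "bv": "blob-version", "bs": "blob-snapshot"}

SAMPLE_SAS = ("https://xcommon.blob.core.windows.net/backup"
              "?sp=rl&st=2024-03-01T00:00:00Z&se=2024-03-31T00:00:00Z"
              "&spr=https&sv=2022-11-02&sr=c&sig=REDACTED%2BsIgNaTuRe%3D")


def _parse_time(value: str) -> datetime:
    """SAS times are ISO 8601 UTC, either date-only or with a trailing Z."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def inspect_sas(url: str, now: Optional[datetime] = None) -> dict:
    """Break a SAS URL into the facts that decide whether it is worth using."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    now = now or datetime.now(timezone.utc)
    if "sig" not in q or "sp" not in q:
        raise ValueError("not a SAS URL: missing sig= or sp=")

    path = [p for p in parts.path.split("/") if p]
    expiry = _parse_time(q["se"]) if "se" in q else None
    start = _parse_time(q["st"]) if "st" in q else None
    return {
        "account": parts.hostname.split(".")[0],
        "service": parts.hostname.split(".")[1],
        "container": path[0] if path else None,
        "blob": "/".join(path[1:]) or None,
        # an account SAS (ss=/srt=) spans services; a service SAS is bound to sr=
        "scope": "account" if "ss" in q else "service",
        "resource": RESOURCES.get(q.get("sr", ""), q.get("srt")),
        "permissions": [PERMISSIONS.get(c, c) for c in q["sp"]],
        "expires": expiry,
        "expired": expiry is not None and now >= expiry,
        "not_yet_valid": start is not None and now < start,
        "https_only": q.get("spr") == "https",
        "ip_restricted": "sip" in q,
        # a stored access policy (si=) can be revoked server-side without key rotation
        "policy": q.get("si"),
        # a user delegation SAS carries the delegating identity's object id
        "user_delegation": "skoid" in q,
    }


if __name__ == "__main__":
    for k, v in inspect_sas(SAMPLE_SAS).items():
        print(f"{k:15} {v}")
```

An `sp=` containing `w`, `d` or `c` on a container is a write primitive, not just a leak; an `si=` policy means the token can be killed without rotating the account key, so expect it to disappear once a defender notices.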

### Storage Container

List the containers in a storage account. With only `-StorageAccountName`, `New-AzStorageContext` builds a context that authenticates with the currently logged-in Az session, so the result reflects what your identity's RBAC allows (use `-Anonymous` to test public access, or `-StorageAccountKey`/`-SasToken` with a leaked key or token):

```powershell
Get-AzStorageContainer -Context (New-AzStorageContext -StorageAccountName defcorpcodebackup)
```

### Versioning

Blob versioning keeps previous versions of overwritten and deleted blobs, so deleted files may still be recoverable. We can check whether a container exposes versions using curl:

```sh
curl -H "x-ms-version: 2019-12-12" 'https://XXXX.blob.core.windows.net/RESOURCE?restype=container&comp=list&include=versions' | xmllint --format - | less
```

The `x-ms-version` header is required: listing versions needs REST API version 2019-12-12 or later, and an anonymous request without the header is served with an older default service version that does not understand `include=versions`. If there are any hits, download a specific version by its `versionId` using curl:

```sh
curl -H "x-ms-version: 2019-12-12" 'https://XXXX.blob.core.windows.net/RESOURCE/myzip.zip?versionId=2024-03-29T20:55:40.8265593Z'  -o myzip.zip
```
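To turn the XML that the listing requests above return into something actionable, here is an added example (not from the original page) that parses a `comp=list&include=versions` response, finds blobs that survive only as old versions, i.e. deleted blobs that can still be pulled by `versionId`, and builds the download URLs for every version. `SAMPLE_LISTING` is a constructed response in the shape the List Blobs operation returns; a real listing may carry a non-empty `NextMarker` that has to be passed back as `marker=` to page through the rest.

```python
"""Parse a List Blobs response (restype=container&comp=list&include=versions)
and build download URLs for every version, including versions of blobs that
have since been deleted. Added example; SAMPLE_LISTING is constructed."""
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

# REST version 2019-12-12 is the first that understands include=versions;
# anonymous requests without this header fall back to an older service version.
HEADERS = {"x-ms-version": "2019-12-12"}

SAMPLE_LISTING = """<?xml version="1.0" encoding="utf-8"?>
<EnumerationResults ServiceEndpoint="https://xcommon.blob.core.windows.net/" ContainerName="backup">
  <Blobs>
    <Blob>
      <Name>myzip.zip</Name>
      <VersionId>2024-03-29T20:55:40.8265593Z</VersionId>
      <Properties><Content-Length>4096</Content-Length></Properties>
    </Blob>
    <Blob>
      <Name>myzip.zip</Name>
      <VersionId>2024-04-02T09:10:11.0000000Z</VersionId>
      <IsCurrentVersion>true</IsCurrentVersion>
      <Properties><Content-Length>1024</Content-Length></Properties>
    </Blob>
    <Blob>
      <Name>secrets.env</Name>
      <VersionId>2024-02-10T08:00:00.0000000Z</VersionId>
      <Properties><Content-Length>312</Content-Length></Properties>
    </Blob>
  </Blobs>
  <NextMarker />
</EnumerationResults>"""


def list_url(endpoint: str, container: str, marker: str = "") -> str:
    """URL for one page of the versioned listing (pass NextMarker back as marker)."""
    params = {"restype": "container", "comp": "list", "include": "versions"}
    if marker:
        params["marker"] = marker
    return f"{endpoint.rstrip('/')}/{quote(container)}?{urlencode(params)}"


def parse_listing(xml_text: str):
    """Return (entries, next_marker). Each entry is one version of one blob."""
    root = ET.fromstring(xml_text)
    entries = []
    for blob in root.iter("Blob"):
        entries.append({
            "name": blob.findtext("Name"),
            "version_id": blob.findtext("VersionId"),
            # IsCurrentVersion is only emitted on the live version
            "current": blob.findtext("IsCurrentVersion") == "true",
            "size": int(blob.findtext("Properties/Content-Length") or 0),
        })
    return entries, (root.findtext("NextMarker") or "")


def deleted_blobs(entries) -> list:
    """Names that have versions but no current version: deleted, still recoverable."""
    names = {e["name"] for e in entries}
    live = {e["name"] for e in entries if e["current"]}
    return sorted(names - live)


def download_url(endpoint: str, container: str, entry: dict) -> str:
    """The current version is fetched by plain path; older or orphaned versions need ?versionId=."""
    base = f"{endpoint.rstrip('/')}/{quote(container)}/{quote(entry['name'])}"
    if entry["current"]:
        return base
    return f"{base}?{urlencode({'versionId': entry['version_id']})}"


if __name__ == "__main__":
    entries, marker = parse_listing(SAMPLE_LISTING)
    for e in entries:
        print(e["size"], download_url("https://xcommon.blob.core.windows.net", "backup", e))
    print("deleted but recoverable:", deleted_blobs(entries))
```

Send `HEADERS` with every request, the downloads included: a version download without `x-ms-version` is rejected for the same reason the listing is. Soft-deleted blobs are a separate feature from versioning and are listed with `include=deleted` instead; they are not covered by this parser.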
