Blob Storage Challenge in the Neighborhood
Help the Goose Grace near the pond find which Azure Storage account has been misconfigured to allow public blob access by analyzing the export file.
Challenge

HONK! Let’s lock this down.
The Neighborhood HOA uses Azure storage accounts for IT ops. You’re asked to audit storage security to ensure no sensitive data is public. Recent reports suggest some accounts may have public blob access enabled - a potential data exposure risk.
Task: Review storage account/container public access settings and confirm nothing sensitive is exposed.

Solution

This task is guided by the system. Therefore, I will only show the commands and the most important console output here:

🎄 Welcome! 🎄
In a moment, you will be connected to an Azure CLI session in the "neighborhood" tenant.
Your mission: 🔍 Investigate and find WHERE a security vulnerability exists.
Good luck! I'm sure you will do great. Connecting you now...
You may not know this but the Azure cli help messages are very easy to access. First, try typing:
$ az help | less
neighbor@0c2c3ff21eae:~$ az help | less

Group
    az
...
Next, you've already been configured with credentials. 🔑
  $ az account show | less
  - Pipe the output to | less so you can scroll.
  - Press 'q' to exit less.
neighbor@0c2c3ff21eae:~$ az account show | less

{
  "environmentName": "AzureCloud",
  "id": "2b0942f3-9bca-484b-a508-abdae2db5e64",
...
Now that you've run a few commands, let's take a look at some Azure storage accounts.
Try: az storage account list | less
For more information:
https://learn.microsoft.com/en-us/cli/azure/storage/account?view=azure-cli-latest
neighbor@0c2c3ff21eae:~$ az storage account list | less

[
  {
    "id": "/subscriptions/2b0942f3-9bca-484b-a508-abdae2db5e64/resourceGroups/theneighborhood-rg1/providers/Microsoft.Storage/storageAccounts/neighborhood1",
...
    "name": "neighborhood1",
...
hmm... one of these looks suspicious 🚨, I think there may be a misconfiguration here somewhere.
Try showing the account that has a common misconfiguration: az storage account show --name xxxxxxxxxx | less

neighbor@0c2c3ff21eae:~$ az storage account show --name neighborhood2 | less
{
  "id": "/subscriptions/2b0942f3-9bca-484b-a508-abdae2db5e64/resourceGroups/theneighborhood-rg1/providers/Microsoft.Storage/storageAccounts/neighborhood2",
  "name": "neighborhood2",
...
    "allowBlobPublicAccess": true,
...
Now we need to list containers in neighborhood2. After running the command what's interesting in the list?
For more information:
https://learn.microsoft.com/en-us/cli/azure/storage/container?view=azure-cli-latest#az-storage-container-list
neighbor@0c2c3ff21eae:~$ az storage container list --account-name neighborhood2 | less

...
    "name": "public",
    "properties": {
      "lastModified": "2024-01-15T09:00:00Z",
      "publicAccess": "Blob"
...
Let's take a look at the blob list in the public container for neighborhood2.
For more information:
https://learn.microsoft.com/en-us/cli/azure/storage/blob?view=azure-cli-latest#az-storage-blob-list
neighbor@0c2c3ff21eae:~$ az storage blob list --account-name neighborhood2 --container-name public

...
  {
    "name": "admin_credentials.txt",
    "properties": {
      "contentLength": 1024,
      "contentType": "text/plain",
...
Try downloading and viewing the blob file named admin_credentials.txt from the public container.
💡 hint: --file /dev/stdout should print in the terminal. Don't forget to use | less!
neighbor@0c2c3ff21eae:~$ az storage blob download --account-name neighborhood2 --container-name public --name 'admin_credentials.txt' --file /dev/stdout | less

# You have discovered an Azure Storage account with "allowBlobPublicAccess": true.
# This misconfiguration allows ANYONE on the internet to view and download files
# from the blob container without authentication.

# Public blob access is highly insecure when sensitive data (like admin credentials)
# is stored in these containers. Always disable public access unless absolutely required.

Azure Portal Credentials
User: azureadmin
Pass: AzUR3!P@ssw0rd#2025
🎊 Great, you found the misconfiguration allowing public access to sensitive information!

✅ Challenge Complete! To finish, type: finish
finish
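
The two settings the challenge surfaced, `allowBlobPublicAccess` on the account and `publicAccess` on the container, only expose data when both are set, and the task statement asks for this to be checked from the export rather than by poking at each account by hand. The script below is an added example, not part of the challenge or its guided console: it audits the JSON that `az storage account list` and `az storage container list` emit, flags the dangerous combinations (and the latent ones), and prints the `az` commands that close them. The `neighborhood1`/`neighborhood2` sample data, including the extra `backups`, `logs` and `shared` containers, is constructed for the example and does not come from the transcript.

```python
"""Audit an Azure Storage export for anonymous blob access.

Added example (not the challenge's own code). Parses trimmed output of
`az storage account list` and `az storage container list` and reports
where anonymous reads are possible. Sample input is constructed.
"""
import json

# Constructed sample: trimmed `az storage account list` output.
ACCOUNTS_JSON = """
[
  {"name": "neighborhood1", "allowBlobPublicAccess": false},
  {"name": "neighborhood2", "allowBlobPublicAccess": true}
]
"""

# Constructed sample: trimmed `az storage container list --account-name X`
# output, keyed by account name. "public"/"Blob" mirrors the transcript;
# the other containers are invented to exercise each branch.
CONTAINERS_JSON = {
    "neighborhood1": """[
      {"name": "backups", "properties": {"publicAccess": null}}
    ]""",
    "neighborhood2": """[
      {"name": "logs",   "properties": {"publicAccess": null}},
      {"name": "public", "properties": {"publicAccess": "Blob"}},
      {"name": "shared", "properties": {"publicAccess": "Container"}}
    ]""",
}


def audit(accounts_json, containers_by_account):
    """Return findings as (account, container, level, exposure) tuples.

    Anonymous reads work only when BOTH the account switch
    allowBlobPublicAccess is true AND the container's publicAccess is set.
    A public container under an account with the switch off is reported
    as latent: one `az storage account update` away from exposure.
    """
    findings = []
    for acct in json.loads(accounts_json):
        name = acct["name"]
        # A missing property meant "allowed" on older accounts (legacy
        # default), so treat absence as true to stay on the safe side.
        allow = acct.get("allowBlobPublicAccess", True)
        for c in json.loads(containers_by_account.get(name, "[]")):
            level = c["properties"].get("publicAccess")
            if level is None:
                continue  # private container: nothing to report
            if not allow:
                exposure = "latent: container public, account switch off"
            elif level == "Blob":
                # Blob-level: any blob readable by name, but no listing.
                exposure = "anonymous read of any blob by name"
            else:
                # Container-level: anonymous listing plus read of every blob.
                exposure = "anonymous listing and read of all blobs"
            findings.append((name, c["name"], level, exposure))
    return findings


def remediation(findings):
    """Emit az CLI commands that close each finding, account switch first."""
    cmds = []
    for acct in sorted({f[0] for f in findings}):
        cmds.append(f"az storage account update --name {acct} "
                    f"--allow-blob-public-access false")
    for acct, container, _level, _exposure in findings:
        cmds.append(f"az storage container set-permission --account-name {acct} "
                    f"--name {container} --public-access off")
    return cmds


if __name__ == "__main__":
    found = audit(ACCOUNTS_JSON, CONTAINERS_JSON)
    for acct, container, level, exposure in found:
        print(f"{acct}/{container}: publicAccess={level} -> {exposure}")
    print("\nRemediation:")
    print("\n".join(remediation(found)))
```

One caveat the guided text glosses over: `publicAccess: "Blob"` lets an anonymous client fetch a blob whose name it already knows (for example `https://neighborhood2.blob.core.windows.net/public/admin_credentials.txt`) but not enumerate the container; only `"Container"` exposes listing as well. Either way the account-level switch is the fastest kill, since `--allow-blob-public-access false` makes the service reject every anonymous request regardless of container ACLs; the `set-permission --public-access off` commands then clean up the containers so the exposure does not silently return if someone re-enables the switch later.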

Let's keep in mind there are some other files in there which might come in handy at a later stage:

neighbor@0c2c3ff21eae:~$ az storage blob download --account-name neighborhood2 --container-name public --name 'network_config.json' --file /dev/stdout | less
neighbor@0c2c3ff21eae:~$ az storage blob download --account-name neighborhood2 --container-name public --name 'refrigerator_inventory.pdf' --file /dev/stdout | less