Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments by Matt Burrough

Author: Matt Burrough
Language: eng
Format: epub, mobi, pdf
ISBN: 9781593278649
Publisher: No Starch Press
Published: 2018-07-30T23:00:00+00:00


Accessing Queues

Azure Storage queues provide a place to line up transactions and process them sequentially as resources become available. Queues are used mainly by software developers; after all, few people other than developers need to worry about processing data in order.

From a penetration testing perspective, I used to find queues boring. They usually sit empty, waiting for a flood of work to come in, and are drained shortly thereafter when the tasks are all handled. I changed my opinion, though, when I saw the most beautiful, yet horrifying use of queues imaginable: a queue to send unsigned commands to a server for execution. Many security researchers will spend weeks or even months trying to find vulnerable software and develop remote code execution exploits—getting a process on a different computer to run code under the attacker’s control. Here, it wasn’t a vulnerability but rather an intentional feature!

Although that particular instance is an extreme case, queues actually lend themselves to this kind of behavior if a developer isn’t careful. Developers generally use them as an input into some custom application, like an order fulfillment system. The application’s developer might expect that the queue only contains work items from another trusted system they own, such as the order page on their website, so the developer neglects to put in proper validation on the work item’s fields. That means an attacker can inject their own custom messages into the queue, and the service that processes them might not confirm that the data in those messages makes sense. If these fields happen to contain the price of items for sale, the bank account where payments should be sent, or what system commands the computer processing the request should run, then the attacker has found a very high-priority bug.

DEFENDER’S TIP

If you use a queue to transport confidential data or to send commands that must come from a verified source, you should use asymmetric cryptography to encrypt or sign the messages before they are placed in the queue. Then, the receiver can decrypt the message or validate its signature to ensure it is authentic and hasn’t been tampered with.
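The tip above, worked through as an added Go example that is not the book's own code: the trusted producer signs each work item with an Ed25519 private key before enqueueing it, and the consumer verifies the signature with the public key before acting on anything it dequeues. The envelope format and the function names are assumptions made for this illustration; the raw item bytes are base64-encoded so the JSON round trip cannot change what was signed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// Envelope is the queue message body: the raw work-item bytes plus a detached
// Ed25519 signature over exactly those bytes (hypothetical format for this example).
type Envelope struct {
	Payload   string `json:"payload"`
	Signature string `json:"sig"`
}

// NewKeyPair makes the producer's signing key; only the public half goes to the consumer.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignWorkItem runs on the trusted producer before the message is enqueued.
func SignWorkItem(priv ed25519.PrivateKey, item []byte) ([]byte, error) {
	return json.Marshal(Envelope{
		Payload:   base64.StdEncoding.EncodeToString(item),
		Signature: base64.StdEncoding.EncodeToString(ed25519.Sign(priv, item)),
	})
}

// VerifyWorkItem runs on the consumer for every dequeued message and returns the
// work item only when the signature verifies; anything else is rejected, not processed.
func VerifyWorkItem(pub ed25519.PublicKey, msg []byte) ([]byte, error) {
	var env Envelope
	if err := json.Unmarshal(msg, &env); err != nil {
		return nil, err
	}
	item, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return nil, err
	}
	sig, err := base64.StdEncoding.DecodeString(env.Signature)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pub, item, sig) {
		return nil, errors.New("queue message rejected: signature does not verify")
	}
	return item, nil
}
```

Because write access to the queue no longer lets anyone produce a message the consumer will accept, a message with altered fields or one signed by a key the consumer does not trust is dropped before its contents are interpreted.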
