Blob Storage Challenge in the neighborhood


Objective

Request

Help the Goose Grace near the pond find which Azure Storage account has been misconfigured to allow public blob access by analyzing the export file.

Solution

Grace asked me to audit the Azure storage security configuration and identify which storage account has public blob access enabled. The terminal session connected to the Azure CLI tenant and introduced the mission.

The first task asked to see the Azure CLI help using the command:

Azure CLI help
az help | less

The command gave the list of available commands and options.

The second task asked to display the current active account with the command:

Azure CLI current account
az account show | less

The result shows that the active account name is "theneighborhood-sub".

The next task asked to list all storage accounts the active subscription can access with the command:

Azure CLI list storage accounts
az storage account list | less

The result shows the list of storage accounts, which follow the pattern: neighordhood1-neighordhood6.

The next task asked to show the details of each storage account and identify the one with public blob access using the command:

Azure CLI show storage account
az storage account show --name xxxxxxxxxxx | less

After checking a couple of them, the account named neighordhood2 shows "allowBlobPublicAccess": true.

The next task asked to list the containers for the storage account neighordhood2. I used the command:

Azure CLI list public containers
az storage container list --account-name neighordhood2

The command revealed a private and a public container.

The next task asked to take a look at the blob list in the public container for the storage account neighordhood2. I used the command:

Azure CLI list public blobs
az storage blob list --account-name neighordhood2 --container-name public

The command revealed the blob list of the public container. This particular screenshot shows the file of interest admin_credentials.txt.

Screenshot 2026-04-20 165509

The next task was to download and view the file admin_credentials.txt using the command:

Azure CLI download public blob
az storage blob download --account-name neighordhood2 --container-name public --name admin_credentials.txt --file /dev/stdout

This command with the --file /dev/stdout option shows the content of the file on the screen.

After downloading and displaying the content of the file admin_credentials.txt, the challenge was completed.

I typed finished as required to complete the objective.

The objective was added to the achievements list.
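
The manual account-by-account check above can be scripted against saved CLI output. This is an added example, not part of the challenge or the original write-up; the JSON is constructed sample data shaped like the output of az storage account list and az storage container list, and the account names are placeholders.

```python
import json

# Constructed sample shaped like `az storage account list` output
# (account names are placeholders, not the challenge's values).
ACCOUNTS_JSON = """
[
  {"name": "examplestore1", "allowBlobPublicAccess": false},
  {"name": "examplestore2", "allowBlobPublicAccess": true},
  {"name": "examplestore3", "allowBlobPublicAccess": null},
  {"name": "examplestore4"}
]
"""

# Constructed sample shaped like `az storage container list` output, keyed by account.
CONTAINERS_JSON = """
{
  "examplestore2": [
    {"name": "private", "properties": {"publicAccess": null}},
    {"name": "public", "properties": {"publicAccess": "blob"}}
  ]
}
"""

def audit_accounts(accounts):
    """Split accounts into (public_allowed, needs_review) name lists."""
    public, review = [], []
    for acct in accounts:
        flag = acct.get("allowBlobPublicAccess")
        if flag is True:
            public.append(acct["name"])
        elif flag is None:
            # Missing or null: the setting was never set explicitly; check by hand.
            review.append(acct["name"])
    return public, review

def exposed_containers(containers):
    """Return names of containers whose access level is 'blob' or 'container'."""
    return [c["name"] for c in containers
            if (c.get("properties") or {}).get("publicAccess") in ("blob", "container")]

def audit(accounts_json=ACCOUNTS_JSON, containers_json=CONTAINERS_JSON):
    public, review = audit_accounts(json.loads(accounts_json))
    by_account = json.loads(containers_json)
    exposed = {a: exposed_containers(by_account.get(a, [])) for a in public}
    return {"public_allowed": public, "needs_review": review, "exposed": exposed}

if __name__ == "__main__":
    print(json.dumps(audit(), indent=2))
```

An account flagged this way can be locked down with az storage account update and its --allow-blob-public-access false option, which overrides any container-level public setting.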

Response

Grace

HONK HONK HONK! 'No sensitive data publicly accessible' they claimed. Meanwhile, literally everything was public! Good save, security expert!