Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to Upload to an Azure File Share #397

Closed
jshsec opened this issue Feb 3, 2021 · 11 comments
Closed

Ability to Upload to an Azure File Share #397

jshsec opened this issue Feb 3, 2021 · 11 comments
Labels
enhancement New feature or request

Comments

@jshsec
Copy link

jshsec commented Feb 3, 2021

KAPE version
The version of KAPE you are currently using
0.9.6.0
Is your feature request related to a problem? Please describe.
Not necessarily - being able to upload to a file share as well as blob storage would be useful. I'm getting errors when attempting to upload using a File service SAS URL.

Describe the solution you'd like
From current testing, using the file service SAS throws an error of a HTTP header being incorrect. I would love to be able to upload the vhdx files to a file storage for ease access to my analysis workstation rather than having to go through blob storage.
Describe alternatives you've considered
Having to upload to blob storage and transfer across.
Additional context
Add any other context or screenshots about the feature request here.

@jshsec jshsec added the enhancement New feature or request label Feb 3, 2021
@Karneades
Copy link
Contributor

There is already support for Azure (asu, see kape.exe --help). See #201 or #194 too. Do you already use that switch?

From one of those issues:

Azure and AWS S3 is already include. :)
image

Originally posted by @Beercow in #194 (comment)

@jshsec
Copy link
Author

jshsec commented Feb 3, 2021

This is the switch that I have been using. However it was throwing errors when I was attempting the SAS to the file share, which then fixed when I used a blob URL.

Secondly, I'm currently trying to transfer a VHDX to said blob storage, and it's throwing a StackOverflowException:

Azure Storaging collection...
        Starting transfer of 'C:\Users\device\Desktop\Execution.zip'

Process is terminated due to StackOverflowException.

Is this a known issue?

@Karneades
Copy link
Contributor

How large is that file?

@jshsec
Copy link
Author

jshsec commented Feb 3, 2021

Sorry I missed that part out. During the compression, it appeared to gain a large amount file size. Started at 36MB and "compressed" to 20GB? Is there a file size limit? I used to EvidenceOfExecution target only.

Compressing VHDX file to 'C:\Users\device\Desktop\Execution.zip'...
Done. Original size: 36MB, Compressed size: 20.2GB

@EricZimmerman
Copy link
Owner

i could only add something if there was sdk support for it.

if you can provide a test url or something that i can try to upload some test data i can see about adding File share support.

no promises of course, since we can already shoot to azure and automating from azure to somewhere else is probably easier than this change =)

that compression seems crazy to me. i would have to see the ConsoleLog file (with debug enabled ideally).

@jshsec
Copy link
Author

jshsec commented Feb 3, 2021

I'm just running it again at the minute, and i'll see the outcome. Then i'll run it again with debug mode enabled and fire it over.

As for the File Share support, I can get around with using blobs no problem - if I can get it to work. Will post the console log when it's completed.

@EricZimmerman
Copy link
Owner

there should be no file size limits or anything like that. assuming the connection is stable it should go. i have sent gbs of stuff upstream.

@jshsec
Copy link
Author

jshsec commented Feb 3, 2021

Interesting. I was confused to say the least. It did hang for a very long time, but the kape process was running as expected.

I've just re-ran it and it's worked. Must have been a drop in connection. Will get back to you on the file share option shortly.

Thanks for the unrivalled support!

@EricZimmerman
Copy link
Owner

can you share a SAS url for what you are trying to use, something that is good for a week or 2?

@EricZimmerman
Copy link
Owner

closing this as existing Azure stuff works fine

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants