Az - MySQL Post Exploitation

Reading time: 4 minutes

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

MySQL Database Post Exploitation

For more information about MySQL Database check:

{% content-ref url="../az-services/az-mysql.md" %} az-mysql.md {% endcontent-ref %}

"Microsoft.DBforMySQL/flexibleServers/databases/write" && "Microsoft.DBforMySQL/flexibleServers/databases/read"

With this permission, you can create new databases within a MySQL Flexible Server instance on Azure. While this action itself does not modify existing resources, excessive or unauthorized creation of databases could lead to resource consumption, or potential misuse of the server.

{% code overflow="wrap" %}

bash
az mysql flexible-server db create \
  --server-name <server_name> \
  --resource-group <resource_group_name> \
  --database-name <database_name>

{% endcode %}

"Microsoft.DBforMySQL/flexibleServers/backups/write"

With this permission, you can initiate the creation of backups for a MySQL Flexible Server instance on Azure. This allows users to generate on-demand backups, which can be useful for preserving data at specific points in time.

{% code overflow="wrap" %}

bash
az mysql flexible-server backup create \
  --name <server_name> \
  --resource-group <resource_group_name>
  --backup-name <backup_name>

{% endcode %}

"Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings/write"

With this permission, you can configure or update the Advanced Threat Protection (ATP) settings for a MySQL Flexible Server instance on Azure. This allows enabling or diabling security features designed to detect and respond to anomalous activities and potential threats.

{% code overflow="wrap" %}

bash
az mysql flexible-server threat-protection-policy update \
  --name <server_name> \
  --resource-group <resource_group_name> \
  --state <Enabled|Disabled>

{% endcode %}

"Microsoft.DBforMySQL/flexibleServers/firewallRules/write"

With this permission, you can create or modify firewall rules for a MySQL Flexible Server instance on Azure. This allows control over which IP addresses or ranges can access the server. Unauthorized or improper use of this permission could expose the server to unwanted or malicious access.

{% code overflow="wrap" %}

bash
# Create Rule
az mysql flexible-server firewall-rule create \
  --name <server_name> \
  --resource-group <resource_group_name> \
  --rule-name <rule_name> \
  --start-ip-address <start_ip> \
  --end-ip-address <end_ip>

# Update Rule
az mysql flexible-server firewall-rule update \
  --name <server_name> \
  --resource-group <resource_group_name> \
  --rule-name <rule_name> \
  --start-ip-address <start_ip> \
  --end-ip-address <end_ip>

{% endcode %}

"Microsoft.DBforMySQL/flexibleServers/resetGtid/action"

With this permission, you can reset the GTID (Global Transaction Identifier) for a MySQL Flexible Server instance on Azure. Resetting GTID will invalidate all the automated, on-demand backups and geo-backups that were taken before the reset action. After GTID reset, you will not be able to perform PITR (point-in-time-restore) using fastest restore point or by custom restore point if the selected restore time is before the GTID reset time. And successful geo-restore will be possible only after 5 days.

{% code overflow="wrap" %}

bash
az mysql flexible-server reset-gtid \
  --name  \
  --resource-group <resource_group_name> \
    --gtid-set <gtid>

{% endcode %}

"Microsoft.DBforMySQL/flexibleServers/updateConfigurations/action"

With this permission, you can update the configuration settings of a MySQL Flexible Server instance on Azure. This allows customization of server parameters such as performance tuning, security configurations, or operational settings. You can update the following parameters together in a batch: audit_log_enabled, audit_log_events, binlog_expire_logs_seconds, binlog_row_image, character_set_server, collation_server, connect_timeout, enforce_gtid_consistency, gtid_mode, init_connect, innodb_buffer_pool_size, innodb_io_capacity, innodb_io_capacity_max, innodb_purge_threads, innodb_read_io_threads, innodb_thread_concurrency, innodb_write_io_threads, long_query_time, max_connect_errors, and max_connections.

{% code overflow="wrap" %}

bash
az mysql flexible-server parameter set-batch \
    --resource-group <resource_group_name> \
    --server-name <server_name> \
    --args max_connections=<value>

{% endcode %}

"Microsoft.DBforMySQL/flexibleServers/read", "Microsoft.DBforMySQL/flexibleServers/write" && "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action"

With this permission, you can assign a user-assigned managed identity to MySQL flexible servers.

{% code overflow="wrap" %}

bash
az mysql flexible-server identity assign \
    --resource-group <ResourceGroupName> \
    --server-name <ServerName> \
    --identity <IdentityName>

{% endcode %}

"Microsoft.DBforMySQL/flexibleServers/stop/action"

With this permission, you can stop a PostgreSQL Flexible Server instance on Azure. Stopping a server can lead to temporary service disruption, affecting applications and users dependent on the database.

{% code overflow="wrap" %}

bash
az mysql flexible-server stop \
  --name <server_name> \
  --resource-group <resource_group_name>

{% endcode %}

"Microsoft.DBforMySQL/flexibleServers/start/action"

With this permission, you can start a stopped PostgreSQL Flexible Server instance on Azure. Starting a server restores its availability, enabling applications and users to reconnect and access the database.

{% code overflow="wrap" %}

az mysql flexible-server start \
  --name <server_name> \
  --resource-group <resource_group_name>