Az - PostgreSQL Post Exploitation

Reading time: 3 minutes

tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PostgreSQL Database Post Exploitation

For more information about PostgreSQL Database check:

Az - PostgreSQL

Use pg_azure_storage extension to access Storage accounts

It's possible to use the extension pg_azure_storage to access Azure Storage accounts from a PostgreSQL server. This will use the permissions of the managed identity assigned to the server to access the storage account.

For more information check this technique explained in the privilege escalation section:

Az - PostgreSQL Privesc

`Microsoft.DBforPostgreSQL/flexibleServers/databases/write` && `Microsoft.DBforPostgreSQL/flexibleServers/databases/read`

With this permission, you can create new databases within a Postgres Flexible Server instance on Azure. While this action itself does not modify existing resources, excessive or unauthorized creation of databases could lead to resource consumption, or potential misuse of the server.

bash

az postgres flexible-server db create \
  --server-name <server_name> \
  --resource-group <resource_group_name> \
  --database-name <database_name>

`Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/write` && `Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/read`

With this permission, you can configure or update the Advanced Threat Protection (ATP) settings for a Postgres Flexible Server instance on Azure. This allows enabling or diabling security features designed to detect and respond to anomalous activities and potential threats.

bash

az postgres flexible-server threat-protection-policy update \
  --name <server_name> \
  --resource-group <resource_group_name> \
  --state <Enabled|Disabled>

`Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/write`, `Microsoft.DBforPostgreSQL/flexibleServers/read` && `Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/read`

With this permission, you can create or modify firewall rules for a Postgres Flexible Server instance on Azure. This allows control over which IP addresses or ranges can access the server. Unauthorized or improper use of this permission could expose the server to unwanted or malicious access.

bash

# Create Rule
az postgres flexible-server firewall-rule create \
  --name <server_name> \
  --resource-group <resource_group_name> \
  --rule-name <rule_name> \
  --start-ip-address <start_ip> \
  --end-ip-address <end_ip>

# Update Rule
az postgres flexible-server firewall-rule update \
  --name <server_name> \
  --resource-group <resource_group_name> \
  --rule-name <rule_name> \
  --start-ip-address <start_ip> \
  --end-ip-address <end_ip>

`Microsoft.DBforPostgreSQL/flexibleServers/configurations/write` && `Microsoft.DBforPostgreSQL/flexibleServers/configurations/read`

With this permission, you can update the configuration settings of a Postgres Flexible Server instance on Azure. This allows customization of server parameters such as performance tuning, security configurations, or operational settings.

bash

az postgres flexible-server parameter set \
    --resource-group <resource_group_name> \
    --server-name <server_name> \
    --name <parameter_name> \
    --value <parameter_value>

`Microsoft.DBforPostgreSQL/flexibleServers/stop/action`

With this permission, you can stop a PostgreSQL Flexible Server instance on Azure. Stopping a server can lead to temporary service disruption, affecting applications and users dependent on the database.

bash

az postgres flexible-server stop \
  --name <server_name> \
  --resource-group <resource_group_name>

`Microsoft.DBforPostgreSQL/flexibleServers/start/action`

With this permission, you can start a stopped PostgreSQL Flexible Server instance on Azure. Starting a server restores its availability, enabling applications and users to reconnect and access the database.

az postgres flexible-server start \
  --name <server_name> \
  --resource-group <resource_group_name>

`Microsoft.DBforPostgreSQL/flexibleServers/read`, `Microsoft.DBforPostgreSQL/flexibleServers/write` && `Microsoft.ManagedIdentity/userAssignedIdentities/assign/action`

With this permission, you can assign a user-assigned managed identity to postgres flexible servers.

az postgres flexible-server identity assign \
    --resource-group <ResourceGroupName> \
    --server-name <ServerName> \
    --identity <IdentityName>

HackTricks Cloud