HackTricks CloudAz - PostgreSQL Post Exploitation
Reading time: 5 minutes
tip
Jifunze na fanya mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: 
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
PostgreSQL Database Post Exploitation
Kwa maelezo zaidi kuhusu PostgreSQL Database angalia:
Tumia ugani pg_azure_storage kufikia Akaunti za Hifadhi
Inawezekana kutumia ugani pg_azure_storage kufikia Akaunti za Hifadhi za Azure kutoka kwa seva ya PostgreSQL. Hii itatumia ruhusa za utambulisho wa usimamizi uliotolewa kwa seva kufikia akaunti ya hifadhi.
Kwa maelezo zaidi angalia mbinu hii iliyoelezwa katika sehemu ya kupandisha hadhi:
Microsoft.DBforPostgreSQL/flexibleServers/databases/write && Microsoft.DBforPostgreSQL/flexibleServers/databases/read
Kwa ruhusa hii, unaweza kuunda databasi mpya ndani ya mfano wa Postgres Flexible Server kwenye Azure. Ingawa kitendo hiki hakibadilishi rasilimali zilizopo, kuunda databasi nyingi kupita kiasi au zisizoidhinishwa kunaweza kusababisha matumizi ya rasilimali, au matumizi mabaya ya seva.
az postgres flexible-server db create \
--server-name <server_name> \
--resource-group <resource_group_name> \
--database-name <database_name>
Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/write && Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/read
Kwa ruhusa hii, unaweza kuunda au kusasisha mipangilio ya Advanced Threat Protection (ATP) kwa mfano wa Postgres Flexible Server kwenye Azure. Hii inaruhusu kuwezesha au kuzima vipengele vya usalama vilivyoundwa kugundua na kujibu shughuli zisizo za kawaida na vitisho vinavyoweza kutokea.
az postgres flexible-server threat-protection-policy update \
--name <server_name> \
--resource-group <resource_group_name> \
--state <Enabled|Disabled>
Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/write, Microsoft.DBforPostgreSQL/flexibleServers/read && Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/read
Kwa ruhusa hii, unaweza kuunda au kubadilisha sheria za firewall kwa mfano wa Postgres Flexible Server kwenye Azure. Hii inaruhusu udhibiti juu ya anwani za IP au maeneo gani yanaweza kufikia seva. Matumizi yasiyoidhinishwa au yasiyo sahihi ya ruhusa hii yanaweza kufichua seva kwa ufikiaji usiohitajika au mbaya.
# Create Rule
az postgres flexible-server firewall-rule create \
--name <server_name> \
--resource-group <resource_group_name> \
--rule-name <rule_name> \
--start-ip-address <start_ip> \
--end-ip-address <end_ip>
# Update Rule
az postgres flexible-server firewall-rule update \
--name <server_name> \
--resource-group <resource_group_name> \
--rule-name <rule_name> \
--start-ip-address <start_ip> \
--end-ip-address <end_ip>
Microsoft.DBforPostgreSQL/flexibleServers/configurations/write && Microsoft.DBforPostgreSQL/flexibleServers/configurations/read
Kwa ruhusa hii, unaweza kuboresha mipangilio ya usanidi wa mfano wa Postgres Flexible Server kwenye Azure. Hii inaruhusu kubadilisha vigezo vya seva kama vile uboreshaji wa utendaji, mipangilio ya usalama, au mipangilio ya uendeshaji.
az postgres flexible-server parameter set \
--resource-group <resource_group_name> \
--server-name <server_name> \
--name <parameter_name> \
--value <parameter_value>
Microsoft.DBforPostgreSQL/flexibleServers/stop/action
Kwa ruhusa hii, unaweza kusitisha mfano wa PostgreSQL Flexible Server kwenye Azure. Kusitisha seva kunaweza kusababisha usumbufu wa huduma wa muda, ukihusisha programu na watumiaji wanaotegemea hifadhidata.
az postgres flexible-server stop \
--name <server_name> \
--resource-group <resource_group_name>
Microsoft.DBforPostgreSQL/flexibleServers/start/action
With this permission, you can start a stopped PostgreSQL Flexible Server instance on Azure. Starting a server restores its availability, enabling applications and users to reconnect and access the database.
az postgres flexible-server start \
--name <server_name> \
--resource-group <resource_group_name>
Microsoft.DBforPostgreSQL/flexibleServers/read, Microsoft.DBforPostgreSQL/flexibleServers/write && Microsoft.ManagedIdentity/userAssignedIdentities/assign/action
With this permission, you can assign a user-assigned managed identity to postgres flexible servers.
az postgres flexible-server identity assign \
--resource-group <ResourceGroupName> \
--server-name <ServerName> \
--identity <IdentityName>
*/delete
With this permissions you can delete resources related to postgres server in Azure such as server, firewalls, managed identities or configurations
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.