HackTricks CloudAz - PostgreSQL Post Exploitation
Reading time: 5 minutes
tip
Jifunze na fanya mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: 
HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: 
HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.
PostgreSQL Database Post Exploitation
Kwa maelezo zaidi kuhusu PostgreSQL Database angalia:
Microsoft.DBforPostgreSQL/flexibleServers/databases/write && Microsoft.DBforPostgreSQL/flexibleServers/databases/read
Kwa ruhusa hii, unaweza kuunda hifadhidata mpya ndani ya mfano wa Postgres Flexible Server kwenye Azure. Ingawa kitendo hiki mwenyewe hakibadilishi rasilimali zilizopo, kuunda hifadhidata nyingi kupita kiasi au zisizoidhinishwa kunaweza kusababisha matumizi ya rasilimali, au matumizi mabaya ya seva.
az postgres flexible-server db create \
--server-name <server_name> \
--resource-group <resource_group_name> \
--database-name <database_name>
Microsoft.DBforPostgreSQL/flexibleServers/backups/write
Kwa ruhusa hii, unaweza kuanzisha uundaji wa nakala za akiba kwa mfano wa Postgres Flexible Server kwenye Azure. Hii inawawezesha watumiaji kuunda nakala za akiba kwa mahitaji, ambazo zinaweza kuwa na manufaa kwa kuhifadhi data katika wakati maalum.
az postgres flexible-server backup create \
--name <server_name> \
--resource-group <resource_group_name>
--backup-name <backup_name>
Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/write && Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/read
Kwa ruhusa hii, unaweza kuunda au kusasisha mipangilio ya Advanced Threat Protection (ATP) kwa mfano wa Postgres Flexible Server kwenye Azure. Hii inaruhusu kuwezesha au kuzima vipengele vya usalama vilivyoundwa kugundua na kujibu shughuli zisizo za kawaida na vitisho vya uwezekano.
az postgres flexible-server threat-protection-policy update \
--name <server_name> \
--resource-group <resource_group_name> \
--state <Enabled|Disabled>
Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/write, Microsoft.DBforPostgreSQL/flexibleServers/read && Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/read
Kwa ruhusa hii, unaweza kuunda au kubadilisha sheria za firewall kwa mfano wa Postgres Flexible Server kwenye Azure. Hii inaruhusu udhibiti juu ya ni anwani zipi za IP au maeneo gani yanaweza kufikia seva. Matumizi yasiyoidhinishwa au yasiyo sahihi ya ruhusa hii yanaweza kufichua seva kwa ufikiaji usiohitajika au mbaya.
# Create Rule
az postgres flexible-server firewall-rule create \
--name <server_name> \
--resource-group <resource_group_name> \
--rule-name <rule_name> \
--start-ip-address <start_ip> \
--end-ip-address <end_ip>
# Update Rule
az postgres flexible-server firewall-rule update \
--name <server_name> \
--resource-group <resource_group_name> \
--rule-name <rule_name> \
--start-ip-address <start_ip> \
--end-ip-address <end_ip>
Microsoft.DBforPostgreSQL/flexibleServers/configurations/write && Microsoft.DBforPostgreSQL/flexibleServers/configurations/read
Kwa ruhusa hii, unaweza kuboresha mipangilio ya usanidi wa mfano wa Postgres Flexible Server kwenye Azure. Hii inaruhusu kubadilisha vigezo vya seva kama vile uboreshaji wa utendaji, mipangilio ya usalama, au mipangilio ya uendeshaji.
az postgres flexible-server parameter set \
--resource-group <resource_group_name> \
--server-name <server_name> \
--name <parameter_name> \
--value <parameter_value>
Microsoft.DBforPostgreSQL/flexibleServers/stop/action
Kwa ruhusa hii, unaweza kusitisha mfano wa PostgreSQL Flexible Server kwenye Azure. Kusitisha seva kunaweza kusababisha usumbufu wa huduma wa muda, ukihusisha programu na watumiaji wanaotegemea hifadhidata.
az postgres flexible-server stop \
--name <server_name> \
--resource-group <resource_group_name>
Microsoft.DBforPostgreSQL/flexibleServers/start/action
With this permission, you can start a stopped PostgreSQL Flexible Server instance on Azure. Starting a server restores its availability, enabling applications and users to reconnect and access the database.
az postgres flexible-server start \
--name <server_name> \
--resource-group <resource_group_name>
Microsoft.DBforPostgreSQL/flexibleServers/read, Microsoft.DBforPostgreSQL/flexibleServers/write && Microsoft.ManagedIdentity/userAssignedIdentities/assign/action
With this permission, you can assign a user-assigned managed identity to postgres flexible servers.
az postgres flexible-server identity assign \
--resource-group <ResourceGroupName> \
--server-name <ServerName> \
--identity <IdentityName>
*/delete
With this permissions you can delete resources related to postgres server in Azure such as server, firewalls, managed identities or configurations
tip
Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Angalia mpango wa usajili!
- Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.
- Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.