gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-16 06:42:39 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['.github/pull_request_template.md', 'src/pentesting-cloud/az

Browse Source
This commit is contained in:
Translator
2024-12-31 19:02:02 +00:00
parent 7770a50092
commit 2753c75e8b
244 changed files with 8471 additions and 11302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

160
src/pentesting-cloud/azure-security/az-services/az-sql.md
View File

@@ -4,100 +4,99 @@
## Azure SQL
Azure SQL is a family of managed, secure, and intelligent products that use the **SQL Server database engine in the Azure cloud**. This means you don't have to worry about the physical administration of your servers, and you can focus on managing your data.
Azure SQL is 'n familie van bestuurde, veilige en intelligente produkte wat die **SQL Server-databasis enjin in die Azure wolk** gebruik. Dit beteken jy hoef nie bekommerd te wees oor die fisiese administrasie van jou bedieners nie, en jy kan fokus op die bestuur van jou data.
Azure SQL consists of three main offerings:
Azure SQL bestaan uit drie hoofaanbiedinge:
1. **Azure SQL Database**: This is a **fully-managed database service**, which allows you to host individual databases in the Azure cloud. It offers built-in intelligence that learns your unique database patterns and provides customized recommendations and automatic tuning.
2. **Azure SQL Managed Instance**: This is for larger scale, entire SQL Server instance-scoped deployments. It provides near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine, which provides a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for on-premises SQL Server customers.
3. **Azure SQL Server on Azure VMs**: This is Infrastructure as a Service (IaaS) and is best for migrations where you want **control over the operating system and SQL Server instance**, like it was a server running on-premises.
1. **Azure SQL Database**: Dit is 'n **volledig bestuurde databasisdiens**, wat jou toelaat om individuele databasisse in die Azure wolk te huisves. Dit bied ingeboude intelligensie wat jou unieke databasispatrone leer en aangepaste aanbevelings en outomatiese afstemming bied.
2. **Azure SQL Managed Instance**: Dit is vir groter skaal, hele SQL Server instansie-geskepte ontplooiings. Dit bied byna 100% kompatibiliteit met die nuutste SQL Server op-premises (Enterprise Edition) Databasis Enjin, wat 'n inheemse virtuele netwerk (VNet) implementering bied wat algemene sekuriteitskwessies aanspreek, en 'n besigheidsmodel wat gunstig is vir op-premises SQL Server kliënte.
3. **Azure SQL Server op Azure VMs**: Dit is Infrastruktur as 'n Diens (IaaS) en is die beste vir migrasies waar jy **beheer oor die bedryfstelsel en SQL Server instansie** wil hê, soos dit 'n bediener was wat op-premises loop.
### Azure SQL Database
**Azure SQL Database** is a **fully managed database platform as a service (PaaS)** that provides scalable and secure relational database solutions. It's built on the latest SQL Server technologies and eliminates the need for infrastructure management, making it a popular choice for cloud-based applications.
**Azure SQL Database** is 'n **volledig bestuurde databasisplatform as 'n diens (PaaS)** wat skaalbare en veilige relationele databasisoplossings bied. Dit is gebou op die nuutste SQL Server tegnologieë en elimineer die behoefte aan infrastruktuur bestuur, wat dit 'n gewilde keuse maak vir wolk-gebaseerde toepassings.
#### Key Features
#### Sleutelkenmerke
- **Always Up-to-Date**: Runs on the latest stable version of SQL Server and Receives new features and patches automatically.
- **PaaS Capabilities**: Built-in high availability, backups, and updates.
- **Data Flexibility**: Supports relational and non-relational data (e.g., graphs, JSON, spatial, and XML).
- **Altijd Opdatering**: Loop op die nuutste stabiele weergawe van SQL Server en ontvang nuwe kenmerke en regstellings outomaties.
- **PaaS Vermoëns**: Ingeboude hoë beskikbaarheid, rugsteun, en opdaterings.
- **Data Buigsaamheid**: Ondersteun relationele en nie-relationele data (bv. grafieke, JSON, ruimtelik, en XML).
#### Purchasing Models / Service Tiers
#### Aankoopmodelle / Diens Tiers
- **vCore-based**: Choose compute, memory, and storage independently. For General Purpose, Business Critical (with high resilience and performance for OLTP apps), and scales up to 128 TB storag
- **DTU-based**: Bundles compute, memory, and I/O into fixed tiers. Balanced resources for common tasks.
- Standard: Balanced resources for common tasks.
- Premium: High performance for demanding workloads.
- **vCore-gebaseerd**: Kies berekening, geheue, en stoorplek onafhanklik. Vir Algemene Doeleindes, Besigheids Krities (met hoë veerkragtigheid en prestasie vir OLTP toepassings), en skaal tot 128 TB stoorplek.
- **DTU-gebaseerd**: Bundels berekening, geheue, en I/O in vaste tiers. Gebalanseerde hulpbronne vir algemene take.
- Standaard: Gebalanseerde hulpbronne vir algemene take.
- Premium: Hoë prestasie vir veeleisende werklaste.
#### Deployment Models
#### Ontplooiingsmodelle
Azure SQL Database supports flexible deployment options to suit various needs:
Azure SQL Database ondersteun buigsame ontplooiingsopsies om aan verskillende behoeftes te voldoen:
- **Single Database**:
- A fully isolated database with its own dedicated resources.
- Great for microservices or applications requiring a single data source.
- **Elastic Pool**:
- Allows multiple databases to share resources within a pool.
- Cost-efficient for applications with fluctuating usage patterns across multiple databases.
- **Enkele Databasis**:
- 'n Volledig geïsoleerde databasis met sy eie toegewyde hulpbronne.
- Wonderlik vir mikrodiens of toepassings wat 'n enkele databron benodig.
- **Elastiese Poel**:
- Laat verskeie databasisse toe om hulpbronne binne 'n poel te deel.
- Kostedoeltreffend vir toepassings met wisselende gebruikspatrone oor verskeie databasisse.
#### Scalable performance and pools
#### Skaalbare prestasie en poele
- **Single Databases**: Each database is isolated and has its own dedicated compute, memory, and storage resources. Resources can be scaled dynamically (up or down) without downtime (1128 vCores, 32 GB4 TB storage, and up to 128 TB).
- **Elastic Pools**: Share resources across multiple databases in a pool to maximize efficiency and save costs. Resources can also be scaled dynamically for the entire pool.
- **Service Tier Flexibility**: Start small with a single database in the General Purpose tier. Upgrade to Business Critical or Hyperscale tiers as needs grow.
- **Scaling Options**: Dynamic Scaling or Autoscaling Alternatives.
- **Enkele Databasisse**: Elke databasis is geïsoleerd en het sy eie toegewyde berekening, geheue, en stoorplek hulpbronne. Hulpbronne kan dinamies geskaal word (op of af) sonder stilstand (1128 vCores, 32 GB4 TB stoorplek, en tot 128 TB).
- **Elastiese Poele**: Deel hulpbronne oor verskeie databasisse in 'n poel om doeltreffendheid te maksimeer en koste te bespaar. Hulpbronne kan ook dinamies geskaal word vir die hele poel.
- **Diens Tier Buigsaamheid**: Begin klein met 'n enkele databasis in die Algemene Doeleindes tier. Opgradeer na Besigheids Krities of Hyperscale tiers soos behoeftes groei.
- **Skaalopsies**: Dinamiese Skaal of Outoskaal Alternatiewe.
#### Built-In Monitoring & Optimization
#### Ingeboude Monitering & Optimalisering
- **Query Store**: Tracks performance issues, identifies top resource consumers, and offers actionable recommendations.
- **Automatic Tuning**: Proactively optimizes performance with features like automatic indexing and query plan corrections.
- **Telemetry Integration**: Supports monitoring through Azure Monitor, Event Hubs, or Azure Storage for tailored insights.
- **Query Store**: Volg prestasieprobleme, identifiseer top hulpbronverbruikers, en bied uitvoerbare aanbevelings.
- **Outomatiese Afstemming**: Proaktief optimaliseer prestasie met kenmerke soos outomatiese indeksering en query plan regstellings.
- **Telemetry Integrasie**: Ondersteun monitering deur Azure Monitor, Event Hubs, of Azure Storage vir op maat gemaakte insigte.
#### Disaster Recovery & Availavility
#### Ramp Herstel & Beskikbaarheid
- **Automatic backups**: SQL Database automatically performs full, differential, and transaction log backups of databases
- **Point-in-Time Restore**: Recover databases to any past state within the backup retention period.
- **Geo-Redundancy**
- **Failover Groups**: Simplifies disaster recovery by grouping databases for automatic failover across regions.
- **Outomatiese rugsteun**: SQL Database voer outomaties volledige, differensiële, en transaksielog rugsteun van databasisse uit.
- **Punt-in-Tyd Herstel**: Herstel databasisse na enige vorige toestand binne die rugsteun behou tydperk.
- **Geo-Retensie**
- **Failover Groepe**: Vereenvoudig ramp herstel deur databasisse te groepeer vir outomatiese failover oor streke.
### Azure SQL Managed Instance
**Azure SQL Managed Instance** is a Platform as a Service (PaaS) database engine that offers near 100% compatibility with SQL Server and handles most management tasks (e.g., upgrading, patching, backups, monitoring) automatically. It provides a cloud solution for migrating on-premises SQL Server databases with minimal changes.
**Azure SQL Managed Instance** is 'n Platform as 'n Diens (PaaS) databasis enjin wat byna 100% kompatibiliteit met SQL Server bied en die meeste bestuurs take (bv. opgradering, regstelling, rugsteun, monitering) outomaties hanteer. Dit bied 'n wolkoplossing vir die migrasie van op-premises SQL Server databasisse met minimale veranderinge.
#### Service Tiers
#### Diens Tiers
- **General Purpose**: Cost-effective option for applications with standard I/O and latency requirements.
- **Business Critical**: High-performance option with low I/O latency for critical workloads.
- **Algemene Doeleindes**: Kostedoeltreffende opsie vir toepassings met standaard I/O en latensie vereistes.
- **Besigheids Krities**: Hoë-prestasie opsie met lae I/O latensie vir kritieke werklaste.
#### Advanced Security Features
#### Gevorderde Sekuriteitskenmerke
* **Threat Protection**: Advanced Threat Protection alerts for suspicious activities and SQL injection attacks. Auditing to track and log database events for compliance.
* **Access Control**: Microsoft Entra authentication for centralized identity management. Row-Level Security and Dynamic Data Masking for granular access control.
* **Backups**: Automated and manual backups with point-in-time restore capability.
* **Dreigingsbeskerming**: Gevorderde Dreigingsbeskerming waarskuwings vir verdagte aktiwiteite en SQL-inspuitaanvalle. Oudits om databasisgebeure vir nakoming te volg en te log.
* **Toegangbeheer**: Microsoft Entra verifikasie vir gesentraliseerde identiteit bestuur. Ry-Vlak Sekuriteit en Dinamiese Data Maskering vir fyn toegangbeheer.
* **Rugsteun**: Geoutomatiseerde en handmatige rugsteun met punt-in-tyd herstel vermoë.
### Azure SQL Virtual Machines
### Azure SQL Virtuele Masjiene
**Azure SQL Virtual Machines** is best for migrations where you want **control over the operating system and SQL Server instance**, like it was a server running on-premises. It can have different machine sizes, and a wide selection of SQL Server versions and editions.
**Azure SQL Virtuele Masjiene** is die beste vir migrasies waar jy **beheer oor die bedryfstelsel en SQL Server instansie** wil hê, soos dit 'n bediener was wat op-premises loop. Dit kan verskillende masjien groottes hê, en 'n wye seleksie van SQL Server weergawes en edisies.
#### Key Features
#### Sleutelkenmerke
**Automated Backup**: Schedule backups for SQL databases.
**Automatic Patching**: Automates the installation of Windows and SQL Server updates during a maintenance window.
**Azure Key Vault Integration**: Automatically configures Key Vault for SQL Server VMs.
**Defender for Cloud Integration**: View Defender for SQL recommendations in the portal.
**Version/Edition Flexibility**: Change SQL Server version or edition metadata without redeploying the VM.
**Geoutomatiseerde Rugsteun**: Skedule rugsteun vir SQL databasisse.
**Outomatiese Regstelling**: Automatiseer die installasie van Windows en SQL Server opdaterings tydens 'n onderhoudsvenster.
**Azure Key Vault Integrasie**: Konfigureer outomaties Key Vault vir SQL Server VMs.
**Defender vir Wolk Integrasie**: Beskou Defender vir SQL aanbevelings in die portaal.
**Weergave/Edisie Buigsaamheid**: Verander SQL Server weergawe of edisie metadata sonder om die VM te herontplooi.
#### Security Features
#### Sekuriteitskenmerke
**Microsoft Defender for SQL**: Security insights and alerts.
**Azure Key Vault Integration**: Secure storage of credentials and encryption keys.
**Microsoft Entra (Azure AD)**: Authentication and access control.
**Microsoft Defender vir SQL**: Sekuriteitsinsigte en waarskuwings.
**Azure Key Vault Integrasie**: Veilige berging van geloofsbriewe en versleuteling sleutels.
**Microsoft Entra (Azure AD)**: Verifikasie en toegangbeheer.
## Enumeration
## Enumerasie
{{#tabs}}
{{#tab name="az cli"}}
```bash
# List Servers
az sql server list # --output table
@@ -164,11 +163,9 @@ az sql midb show --resource-group <res-grp> --name <name>
az sql vm list
az sql vm show --resource-group <res-grp> --name <name>
```
{{#endtab}}
{{#tab name="Az PowerShell"}}
```powershell
# List Servers
Get-AzSqlServer -ResourceGroupName "<resource-group-name>"
@@ -206,40 +203,35 @@ Get-AzSqlInstanceDatabase -ResourceGroupName <ResourceGroupName> -InstanceName <
# Lis all sql VM
Get-AzSqlVM
```
{{#endtab}}
{{#endtabs}}
### Connect and run SQL queries
You could find a connection string (containing credentials) from example [enumerating an Az WebApp](az-app-services.md):
### Verbind en voer SQL-navrae uit
Jy kan 'n verbindingsstring (wat geloofsbriewe bevat) vind van byvoorbeeld [die opsomming van 'n Az WebApp](az-app-services.md):
```powershell
function invoke-sql{
param($query)
$Connection_string = "Server=tcp:supercorp.database.windows.net,1433;Initial Catalog=flag;Persist Security Info=False;User ID=db_read;Password=gAegH!324fAG!#1fht;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
$Connection = New-Object System.Data.SqlClient.SqlConnection $Connection_string
$Connection.Open()
$Command = New-Object System.Data.SqlClient.SqlCommand
$Command.Connection = $Connection
$Command.CommandText = $query
$Reader = $Command.ExecuteReader()
while ($Reader.Read()) {
$Reader.GetValue(0)
}
$Connection.Close()
param($query)
$Connection_string = "Server=tcp:supercorp.database.windows.net,1433;Initial Catalog=flag;Persist Security Info=False;User ID=db_read;Password=gAegH!324fAG!#1fht;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
$Connection = New-Object System.Data.SqlClient.SqlConnection $Connection_string
$Connection.Open()
$Command = New-Object System.Data.SqlClient.SqlCommand
$Command.Connection = $Connection
$Command.CommandText = $query
$Reader = $Command.ExecuteReader()
while ($Reader.Read()) {
$Reader.GetValue(0)
}
$Connection.Close()
}
invoke-sql 'Select Distinct TABLE_NAME From information_schema.TABLES;'
```
You can also use sqlcmd to access the database. It is important to know if the server allows public connections `az sql server show --name <server-name> --resource-group <resource-group>`, and also if it the firewall rule let's our IP to access:
U kan ook sqlcmd gebruik om toegang tot die databasis te verkry. Dit is belangrik om te weet of die bediener openbare verbindings toelaat `az sql server show --name <server-name> --resource-group <resource-group>`, en ook of die vuurmuurreël ons IP toelaat om toegang te verkry:
```powershell
sqlcmd -S <sql-server>.database.windows.net -U <server-user> -P <server-passworkd> -d <database>
```
## References
## Verwysings
- [https://learn.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview?view=azuresql](https://learn.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview?view=azuresql)
- [https://learn.microsoft.com/en-us/azure/azure-sql/database/single-database-overview?view=azuresql](https://learn.microsoft.com/en-us/azure/azure-sql/database/single-database-overview?view=azuresql)
@@ -259,7 +251,3 @@ sqlcmd -S <sql-server>.database.windows.net -U <server-user> -P <server-passwork
{{#endref}}
{{#include ../../../banners/hacktricks-training.md}}