mirror of
https://github.com/HackTricks-wiki/hacktricks-cloud.git
synced 2026-01-14 05:46:25 -08:00
Translated ['.github/pull_request_template.md', 'src/pentesting-cloud/az
@@ -4,53 +4,52 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
Google Cloud SQL is a managed service that **simplifies setting up, maintaining, and administering relational databases** like MySQL, PostgreSQL, and SQL Server on Google Cloud Platform, removing the need to handle tasks like hardware provisioning, database setup, patching, and backups.
|
||||
Google Cloud SQL is 'n bestuurde diens wat **die opstelling, onderhoud en administrasie van relationele databasisse** soos MySQL, PostgreSQL en SQL Server op Google Cloud Platform vereenvoudig, wat die behoefte om take soos hardeware voorsiening, databasisopstelling, patching en rugsteun te hanteer, verwyder.
|
||||
|
||||
Key features of Google Cloud SQL include:
|
||||
Belangrike kenmerke van Google Cloud SQL sluit in:
|
||||
|
||||
1. **Fully Managed**: Google Cloud SQL is a fully-managed service, meaning that Google handles database maintenance tasks like patching, updates, backups, and configuration.
|
||||
2. **Scalability**: It provides the ability to scale your database's storage capacity and compute resources, often without downtime.
|
||||
3. **High Availability**: Offers high availability configurations, ensuring your database services are reliable and can withstand zone or instance failures.
|
||||
4. **Security**: Provides robust security features like data encryption, Identity and Access Management (IAM) controls, and network isolation using private IPs and VPC.
|
||||
5. **Backups and Recovery**: Supports automatic backups and point-in-time recovery, helping you safeguard and restore your data.
|
||||
6. **Integration**: Seamlessly integrates with other Google Cloud services, providing a comprehensive solution for building, deploying, and managing applications.
|
||||
7. **Performance**: Offers performance metrics and diagnostics to monitor, troubleshoot, and improve database performance.
|
||||
1. **Volledig bestuur**: Google Cloud SQL is 'n volledig bestuurde diens, wat beteken dat Google databasis onderhoudstake soos patching, opdaterings, rugsteun en konfigurasie hanteer.
|
||||
2. **Skaalbaarheid**: Dit bied die vermoë om die stoor kapasiteit en rekenaarhulpbronne van jou databasis te skaal, dikwels sonder stilstand.
|
||||
3. **Hoë beskikbaarheid**: Bied hoë beskikbaarheid konfigurasies, wat verseker dat jou databasisdienste betroubaar is en teen sone of instansie mislukkings kan standhoud.
|
||||
4. **Sekuriteit**: Bied robuuste sekuriteitskenmerke soos data-enkripsie, Identiteit en Toegang Bestuur (IAM) kontroles, en netwerk isolasie met behulp van privaat IP's en VPC.
|
||||
5. **Rugsteun en Herstel**: Ondersteun outomatiese rugsteun en punt-in-tyd herstel, wat jou help om jou data te beskerm en te herstel.
|
||||
6. **Integrasie**: Integreer naatloos met ander Google Cloud dienste, wat 'n omvattende oplossing bied vir die bou, ontplooiing en bestuur van toepassings.
|
||||
7. **Prestasie**: Bied prestasiemetrieke en diagnostiek om databasisprestasie te monitor, probleemoplossing te doen en te verbeter.
|
||||
|
||||
### Password
|
||||
|
||||
In the web console Cloud SQL allows the user to **set** the **password** of the database, there also a generate feature, but most importantly, **MySQL** allows to **leave an empty password and all of them allows to set as password just the char "a":**
|
||||
In die webkonsol Cloud SQL laat die gebruiker toe om die **wagwoord** van die databasis te **stel**, daar is ook 'n genereer funksie, maar die belangrikste is dat **MySQL** toelaat om **'n leë wagwoord te laat en al hulle toelaat om net die karakter "a" as wagwoord te stel:**
|
||||
|
||||
<figure><img src="../../../images/image (14).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
It's also possible to configure a password policy requiring **length**, **complexity**, **disabling reuse** and **disabling username in password**. All are disabled by default.
|
||||
Dit is ook moontlik om 'n wagwoordbeleid te konfigureer wat **lengte**, **kompleksiteit**, **hergebruik deaktiveer** en **gebruikersnaam in wagwoord deaktiveer** vereis. Almal is standaard gedeaktiveer.
|
||||
|
||||
**SQL Server** can be configured with **Active Directory Authentication**.
|
||||
**SQL Server** kan gekonfigureer word met **Active Directory Authentication**.
|
||||
|
||||
### Zone Availability
|
||||
|
||||
The database can be **available in 1 zone or in multiple**, of course, it's recommended to have important databases in multiple zones.
|
||||
Die databasis kan **beskikbaar wees in 1 sone of in meerdere**, natuurlik, dit word aanbeveel om belangrike databasisse in meerdere sones te hê.
|
||||
|
||||
### Encryption
|
||||
|
||||
By default a Google-managed encryption key is used, but it's also **possible to select a Customer-managed encryption key (CMEK)**.
|
||||
Standaard word 'n Google-bestuurde enkripsiesleutel gebruik, maar dit is ook **moontlik om 'n Klant-bestuurde enkripsiesleutel (CMEK)** te kies.
|
||||
|
||||
### Connections
|
||||
|
||||
- **Private IP**: Indicate the VPC network and the database will get an private IP inside the network
|
||||
- **Public IP**: The database will get a public IP, but by default no-one will be able to connect
|
||||
- **Authorized networks**: Indicate public **IP ranges that should be allowed** to connect to the database
|
||||
- **Private Path**: If the DB is connected in some VPC, it's possible to enable this option and give **other GCP services like BigQuery access over it**
|
||||
- **Private IP**: Gee die VPC-netwerk aan en die databasis sal 'n privaat IP binne die netwerk ontvang
|
||||
- **Public IP**: Die databasis sal 'n publieke IP ontvang, maar standaard sal niemand in staat wees om te verbind nie
|
||||
- **Authorized networks**: Gee publieke **IP-reekse wat toegelaat moet word** om met die databasis te verbind
|
||||
- **Private Path**: As die DB aan 'n VPC gekoppel is, is dit moontlik om hierdie opsie in te skakel en **ander GCP-dienste soos BigQuery toegang daaroor te gee**
|
||||
|
||||
<figure><img src="../../../images/image (15).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
### Data Protection
|
||||
|
||||
- **Daily backups**: Perform automatic daily backups and indicate the number of backups you want to maintain.
|
||||
- **Point-in-time recovery**: Allows you to recover data from a specific point in time, down to a fraction of a second.
|
||||
- **Deletion Protection**: If enabled, the DB won't be able to be deleted until this feature is disabled
|
||||
- **Daily backups**: Voer outomatiese daaglikse rugsteun uit en gee die aantal rugsteun aan wat jy wil handhaaf.
|
||||
- **Point-in-time recovery**: Laat jou toe om data van 'n spesifieke tydstip te herstel, tot 'n fraksie van 'n sekonde.
|
||||
- **Deletion Protection**: As geaktiveer, sal die DB nie verwyder kan word totdat hierdie funksie gedeaktiveer is.
|
||||
|
||||
### Enumeration
|
||||
|
||||
```bash
|
||||
# Get SQL instances
|
||||
gcloud sql instances list
|
||||
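Review bot: The bold list labels are handled inconsistently in this hunk: the seven feature labels are translated (**Volledig bestuur**, **Skaalbaarheid**, **Sekuriteit**), while the labels under Connections and Data Protection stay in English (**Private IP**, **Authorized networks**, **Deletion Protection**) in front of Afrikaans text. Pick one convention and apply it to every list; keeping labels that name console settings in English is reasonable, but then the feature list should follow the same rule or the difference should be deliberate. The section headings in this hunk (### Password, ### Connections, ### Data Protection) are also left in English, which does not match how the second hunk treats its headings.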
@@ -67,27 +66,22 @@ gcloud sql users list --instance <intance-name>
|
||||
gcloud sql backups list --instance <intance-name>
|
||||
gcloud sql backups describe <backup-name> --instance <intance-name>
|
||||
```
|
||||
|
||||
### Unauthenticated Enum
|
||||
### Ongeauthentiseerde Enum
|
||||
|
||||
{{#ref}}
|
||||
../gcp-unauthenticated-enum-and-access/gcp-cloud-sql-unauthenticated-enum.md
|
||||
{{#endref}}
|
||||
|
||||
### Post Exploitation
|
||||
### Post Exploitatie
|
||||
|
||||
{{#ref}}
|
||||
../gcp-post-exploitation/gcp-cloud-sql-post-exploitation.md
|
||||
{{#endref}}
|
||||
|
||||
### Persistence
|
||||
### Volharding
|
||||
|
||||
{{#ref}}
|
||||
../gcp-persistence/gcp-cloud-sql-persistence.md
|
||||
{{#endref}}
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
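Review bot: The three headings replaced in this hunk are translated, while the headings in the first hunk (### Password, ### Encryption, ### Enumeration) stay in English, so the page ends up with mixed-language headings. "### Volharding" reads as perseverance rather than persistence in the security sense, and "### Post Exploitatie" looks like a Dutch spelling rather than Afrikaans; either leave these technical headings in English, as the first hunk does, or use consistent Afrikaans terms throughout. The unchanged context lines also carry the placeholder `<intance-name>`, which could be corrected to `<instance-name>` in a follow-up.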