gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-25 10:44:39 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/pentesting-ci-cd/cloudflare-security/cloudflare-domains

Browse Source
This commit is contained in:
Translator
2025-01-11 18:51:48 +00:00
parent 608a48718c
commit 5645f346ff
44 changed files with 2044 additions and 469 deletions
Download Patch File Download Diff File Expand all files Collapse all files

243
src/pentesting-cloud/azure-security/az-post-exploitation/az-cosmosDB-post-exploitation.md Normal file
View File

@@ -0,0 +1,243 @@
# Az - CosmosDB Post Exploitation
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## CosmosDB Post Exploitation
Vir meer inligting oor SQL Database, kyk:
{% content-ref url="../az-services/az-cosmosDB.md" %}
[az-cosmosDB.md](../az-services/az-cosmosDB.md)
{% endcontent-ref %}
### "Microsoft.DocumentDB/databaseAccounts/read" && "Microsoft.DocumentDB/databaseAccounts/write"
Met hierdie toestemming kan jy Azure Cosmos DB rekeninge skep of opdateer. Dit sluit in om rekeningvlak instellings te wysig, streke by te voeg of te verwyder, konsistensievlakke te verander, en funksies soos multi-streek skrywe in of uit te skakel.
{% code overflow="wrap" %}
```bash
az cosmosdb update \
--name <account_name> \
--resource-group <resource_group_name> \
--public-network-access ENABLED
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/read" && "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/write"
Met hierdie toestemming kan jy houers (versamelings) binne 'n SQL-databasis van 'n Azure Cosmos DB-rekening skep of wysig. Houers word gebruik om data te stoor, en veranderinge aan hulle kan die databasis se struktuur en toegangspatrone beïnvloed.
{% code overflow="wrap" %}
```bash
# Create
az cosmosdb sql container create \
--account-name <account_name> \
--resource-group <resource_group_name> \
--database-name <database_name> \
--name <container_name> \
--partition-key-path <partition_key_path>
#Update
az cosmosdb sql container update \
--account-name <account_name> \
--resource-group <resource_group_name> \
--database-name <database_name> \
--name <container_name> \
--ttl 3600
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/write" && "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read"
Met hierdie toestemming kan jy SQL-databasisse binne 'n Azure Cosmos DB-rekening skep of wysig. Dit stel jou in staat om die databasisstruktuur te bestuur en nuwe databasisse aan die rekening toe te voeg. Terwyl hierdie toestemming databasis skepping moontlik maak, kan onvanpaste of ongeoorloofde gebruik lei tot onnodige hulpbronverbruik, verhoogde koste, of operasionele ondoeltreffendhede.
{% code overflow="wrap" %}
```bash
az cosmosdb sql database create \
--account-name <account_name> \
--resource-group <resource_group_name> \
--name <database_name>
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/failoverPriorityChange/action"
Met hierdie toestemming kan jy die failover prioriteit van streke vir 'n Azure Cosmos DB databasisrekening verander. Hierdie aksie bepaal die volgorde waarin streke primêr word tydens 'n failover gebeurtenis. Onbehoorlike gebruik van hierdie toestemming kan die hoë beskikbaarheid van die databasis ontwrig of lei tot onbedoelde operasionele impakte.
{% code overflow="wrap" %}
```bash
az cosmosdb failover-priority-change \
--name <database_account_name> \
--resource-group <resource_group_name> \
--failover-policies <region1=priority1> <region2=priority2>
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/regenerateKey/action"
Met hierdie toestemming kan jy die primêre of sekondêre sleutels vir 'n Azure Cosmos DB-rekening hergenerer. Dit word tipies gebruik om sekuriteit te verbeter deur ou sleutels te vervang, maar dit kan toegang vir dienste of toepassings wat op die huidige sleutels staatmaak, ontwrig.
{% code overflow="wrap" %}
```bash
az cosmosdb keys regenerate \
--name <account_name> \
--resource-group <resource_group_name> \
--key-kind <primary|secondary>
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/userDefinedFunctions/write" && "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/userDefinedFunctions/read"
Met hierdie toestemming kan jy triggers binne 'n houer van 'n SQL-databasis in 'n Azure Cosmos DB-rekening skep of wysig. Triggers stel jou in staat om bediener-kant logika uit te voer in reaksie op operasies.
{% code overflow="wrap" %}
```bash
az cosmosdb sql trigger create \
--account-name <account_name> \
--resource-group <resource_group_name> \
--database-name <sql_database_name> \
--container-name <container_name> \
--name <trigger_name> \
--body 'function trigger() { var context = getContext(); var request = context.getRequest(); request.setBody("Triggered operation!"); }' \
--type Pre \
--operation All
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures/write" && "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures/read"
Met hierdie toestemming kan jy gestoor prosedures binne 'n houer van 'n SQL-databasis in 'n Azure Cosmos DB-rekening skep of wysig. Gestoor prosedures in Cosmos DB is bediener-kant JavaScript-funksies wat jou toelaat om logika vir die verwerking van data of die uitvoering van operasies direk binne die databasis te enkapsuleer.
{% code overflow="wrap" %}
```bash
az cosmosdb sql stored-procedure create \
--account-name <account_name> \
--resource-group <resource_group_name> \
--database-name <sql_database_name> \
--container-name <container_name> \
--name <stored_procedure_name> \
--body 'function sample() { return "Hello, Cosmos!"; }'
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/triggers/write" && "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/triggers/read"
Met hierdie toestemming kan jy triggers binne 'n houer van 'n SQL-databasis in 'n Azure Cosmos DB-rekening skep of wysig. Triggers stel jou in staat om bediener-kant logika uit te voer in reaksie op operasies soos invoegings, opdaterings of verwyderings.
{% code overflow="wrap" %}
```bash
az cosmosdb sql trigger create \
--account-name <account_name> \
--resource-group <resource_group_name> \
--database-name <sql_database_name> \
--container-name <container_name> \
--name <trigger_name> \
--body 'function trigger() { var context = getContext(); var request = context.getRequest(); request.setBody("Triggered operation!"); }' \
--type Pre \
--operation All
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/read" && "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/write"
Met hierdie toestemming kan jy versamelinge binne MongoDB-databasisse in 'n Azure Cosmos DB-rekening skep of wysig. Versamelinge word gebruik om dokumente te stoor en die struktuur en partitionering van data te definieer.
{% code overflow="wrap" %}
```bash
az cosmosdb mongodb collection create \
--account-name <account_name> \
--resource-group <resource_group_name> \
--database-name <mongodb_database_name> \
--name <collection_name>
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/write" && "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/read"
Met hierdie toestemming kan jy nuwe MongoDB-databasisse binne 'n Azure Cosmos DB-rekening skep. Dit stel jou in staat om nuwe databasisse te voorsien om versamelings en dokumente te stoor en te bestuur.
{% code overflow="wrap" %}
```bash
az cosmosdb mongodb database create \
--account-name <account_name> \
--resource-group <resource_group_name> \
--name <database_name>
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/write" && "Microsoft.DocumentDB/databaseAccounts/mongodbRoleDefinitions/read"
Met hierdie toestemming kan jy nuwe MongoDB roldefinisies binne 'n Azure Cosmos DB-rekening skep. Dit stel jou in staat om pasgemaakte rolle met spesifieke toestemmings vir MongoDB-gebruikers te definieer.
{% code overflow="wrap" %}
```bash
az cosmosdb mongodb role definition create \
--account-name <account_name> \
--resource-group <resource_group_name> \
--body '{
"Id": "<mydatabase>.readWriteRole",
"RoleName": "readWriteRole",
"Type": "CustomRole",
"DatabaseName": "<mydatabase>",
"Privileges": [
{
"Resource": {
"Db": "<mydatabase>",
"Collection": "mycollection"
},
"Actions": [
"insert",
"find",
"update"
]
}
],
"Roles": []
}'
```
{% endcode %}
### "Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/write" && "Microsoft.DocumentDB/databaseAccounts/mongodbUserDefinitions/read"
Met hierdie toestemming kan jy nuwe MongoDB gebruikersdefinisies binne 'n Azure Cosmos DB rekening skep. Dit stel die voorsiening van gebruikers met spesifieke rolle en toegangsvlakke tot MongoDB databasisse in staat.
{% code overflow="wrap" %}
```bash
az cosmosdb mongodb user definition create \
--account-name <account_name> \
--resource-group <resource_group_name> \
--body '{
"Id": "<mydatabase>.myUser",
"UserName": "myUser",
"Password": "mySecurePassword",
"DatabaseName": "<mydatabase>",
"CustomData": "TestCustomData",
"Mechanisms": "SCRAM-SHA-256",
"Roles": [
{
"Role": "readWriteRole",
"Db": "<mydatabase>"
}
]
}'
```
{% endcode %}
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Ondersteun HackTricks</summary>
* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}

167
src/pentesting-cloud/azure-security/az-post-exploitation/az-mysql-post-exploitation.md Normal file
View File

@@ -0,0 +1,167 @@
# Az - MySQL Post Exploitation
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Ondersteun HackTricks</summary>
* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## MySQL Databasis Post Exploitation
Vir meer inligting oor MySQL Databasis kyk:
{% content-ref url="../az-services/az-mysql.md" %}
[az-mysql.md](../az-services/az-mysql.md)
{% endcontent-ref %}
### "Microsoft.DBforMySQL/flexibleServers/databases/write" && "Microsoft.DBforMySQL/flexibleServers/databases/read"
Met hierdie toestemming kan jy nuwe databasis binne 'n MySQL Flexible Server instansie op Azure skep. Terwyl hierdie aksie self nie bestaande hulpbronne wysig nie, kan oormatige of ongeoorloofde skepping van databasisse lei tot hulpbronverbruik, of potensiële misbruik van die bediener.
{% code overflow="wrap" %}
```bash
az mysql flexible-server db create \
--server-name <server_name> \
--resource-group <resource_group_name> \
--database-name <database_name>
```
{% endcode %}
### "Microsoft.DBforMySQL/flexibleServers/backups/write"
Met hierdie toestemming kan jy die skepping van rugsteun vir 'n MySQL Flexible Server-instansie op Azure begin. Dit stel gebruikers in staat om op aanvraag rugsteun te genereer, wat nuttig kan wees om data op spesifieke tydpunte te bewaar.
{% code overflow="wrap" %}
```bash
az mysql flexible-server backup create \
--name <server_name> \
--resource-group <resource_group_name>
--backup-name <backup_name>
```
{% endcode %}
### "Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings/write"
Met hierdie toestemming kan jy die Gevorderde Bedreigingsbeskerming (ATP) instellings vir 'n MySQL Flexibele Bediening op Azure konfigureer of opdateer. Dit stel jou in staat om sekuriteitskenmerke te aktiveer of te deaktiveer wat ontwerp is om anomale aktiwiteite en potensiële bedreigings te detecteer en daarop te reageer.
{% code overflow="wrap" %}
```bash
az mysql flexible-server threat-protection-policy update \
--name <server_name> \
--resource-group <resource_group_name> \
--state <Enabled|Disabled>
```
{% endcode %}
### "Microsoft.DBforMySQL/flexibleServers/firewallRules/write"
Met hierdie toestemming kan jy firewallreëls vir 'n MySQL Flexible Server-instantie op Azure skep of wysig. Dit stel jou in staat om te beheer watter IP-adresse of -reekse toegang tot die bediener kan hê. Onbevoegde of onvanpaste gebruik van hierdie toestemming kan die bediener aan ongewenste of kwaadwillige toegang blootstel.
{% code overflow="wrap" %}
```bash
# Create Rule
az mysql flexible-server firewall-rule create \
--name <server_name> \
--resource-group <resource_group_name> \
--rule-name <rule_name> \
--start-ip-address <start_ip> \
--end-ip-address <end_ip>
# Update Rule
az mysql flexible-server firewall-rule update \
--name <server_name> \
--resource-group <resource_group_name> \
--rule-name <rule_name> \
--start-ip-address <start_ip> \
--end-ip-address <end_ip>
```
{% endcode %}
### "Microsoft.DBforMySQL/flexibleServers/resetGtid/action"
Met hierdie toestemming kan jy die GTID (Global Transaction Identifier) vir 'n MySQL Flexible Server-instansie op Azure reset. Die reset van die GTID sal al die outomatiese, op aanvraag rugsteun en geo-rugsteun wat voor die reset aksie geneem is, ongeldig maak. Na die GTID-reset sal jy nie in staat wees om PITR (point-in-time-restore) uit te voer nie, met die vinnigste herstelpunt of deur 'n pasgemaakte herstelpunt as die geselekteerde hersteltyd voor die GTID-resettyd is. En suksesvolle geo-herstel sal slegs moontlik wees na 5 dae.
{% code overflow="wrap" %}
```bash
az mysql flexible-server reset-gtid \
--name \
--resource-group <resource_group_name> \
--gtid-set <gtid>
```
{% endcode %}
### "Microsoft.DBforMySQL/flexibleServers/updateConfigurations/action"
Met hierdie toestemming kan jy die konfigurasie-instellings van 'n MySQL Flexible Server-instansie op Azure opdateer. Dit stel jou in staat om bedienerparameters soos prestasie-afstemming, sekuriteitskonfigurasies of operasionele instellings aan te pas. Jy kan die volgende parameters saam in 'n bondel opdateer: audit_log_enabled, audit_log_events, binlog_expire_logs_seconds, binlog_row_image, character_set_server, collation_server, connect_timeout, enforce_gtid_consistency, gtid_mode, init_connect, innodb_buffer_pool_size, innodb_io_capacity, innodb_io_capacity_max, innodb_purge_threads, innodb_read_io_threads, innodb_thread_concurrency, innodb_write_io_threads, long_query_time, max_connect_errors, en max_connections.
{% code overflow="wrap" %}
```bash
az mysql flexible-server parameter set-batch \
--resource-group <resource_group_name> \
--server-name <server_name> \
--args max_connections=<value>
```
{% endcode %}
### "Microsoft.DBforMySQL/flexibleServers/read", "Microsoft.DBforMySQL/flexibleServers/write" && "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action"
Met hierdie toestemming kan jy 'n gebruiker-toegewyde bestuurde identiteit aan MySQL buigbare bedieners toewys.
{% code overflow="wrap" %}
```bash
az mysql flexible-server identity assign \
--resource-group <ResourceGroupName> \
--server-name <ServerName> \
--identity <IdentityName>
```
{% endcode %}
### "Microsoft.DBforMySQL/flexibleServers/stop/action"
Met hierdie toestemming kan jy 'n PostgreSQL Flexible Server-instansie op Azure stop. Om 'n bediener te stop, kan lei tot tydelike diensonderbreking, wat toepassings en gebruikers wat van die databasis afhanklik is, beïnvloed.
{% code overflow="wrap" %}
```bash
az mysql flexible-server stop \
--name <server_name> \
--resource-group <resource_group_name>
```
{% endcode %}
### "Microsoft.DBforMySQL/flexibleServers/start/action"
With this permission, you can start a stopped PostgreSQL Flexible Server instance on Azure. Starting a server restores its availability, enabling applications and users to reconnect and access the database.
{% code overflow="wrap" %}
```bash
az mysql fleksible-bediener begin \
--naam <server_name> \
--hulpbron-groep <resource_group_name>
```
{% endcode %}
### "*/delete"
With this permissions you can delete resources related to mysql server in Azure such as server, firewalls, managed identities or configurations
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}

155
src/pentesting-cloud/azure-security/az-post-exploitation/az-postgresql-post-exploitation.md Normal file
View File

@@ -0,0 +1,155 @@
# Az - PostgreSQL Post Exploitation
{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Ondersteun HackTricks</summary>
* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## PostgreSQL Databasis Post Exploitation
Vir meer inligting oor PostgreSQL Databasis kyk:
{% content-ref url="../az-services/az-postgresql.md" %}
[az-postgresql.md](../az-services/az-postgresql.md)
{% endcontent-ref %}
### "Microsoft.DBforPostgreSQL/flexibleServers/databases/write" && "Microsoft.DBforPostgreSQL/flexibleServers/databases/read"
Met hierdie toestemming kan jy nuwe databasis binne 'n Postgres Flexible Server instansie op Azure skep. Terwyl hierdie aksie self nie bestaande hulpbronne wysig nie, kan oormatige of ongeoorloofde skepping van databasisse lei tot hulpbronverbruik, of potensiële misbruik van die bediener.
{% code overflow="wrap" %}
```bash
az postgres flexible-server db create \
--server-name <server_name> \
--resource-group <resource_group_name> \
--database-name <database_name>
```
{% endcode %}
### "Microsoft.DBforPostgreSQL/flexibleServers/backups/write"
Met hierdie toestemming kan jy die skep van rugsteun vir 'n Postgres Flexible Server-instansie op Azure begin. Dit stel gebruikers in staat om op aanvraag rugsteun te genereer, wat nuttig kan wees om data op spesifieke tydpunte te bewaar.
{% code overflow="wrap" %}
```bash
az postgres flexible-server backup create \
--name <server_name> \
--resource-group <resource_group_name>
--backup-name <backup_name>
```
{% endcode %}
### "Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/write" && "Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/read"
Met hierdie toestemming kan jy die Advanced Threat Protection (ATP) instellings vir 'n Postgres Flexible Server instance op Azure konfigureer of opdateer. Dit stel jou in staat om sekuriteitskenmerke in te skakel of uit te skakel wat ontwerp is om anomale aktiwiteite en potensiële bedreigings te detecteer en daarop te reageer.
{% code overflow="wrap" %}
```bash
az postgres flexible-server threat-protection-policy update \
--name <server_name> \
--resource-group <resource_group_name> \
--state <Enabled|Disabled>
```
{% endcode %}
### "Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/write", "Microsoft.DBforPostgreSQL/flexibleServers/read" && "Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/read"
Met hierdie toestemming kan jy firewall-reëls vir 'n Postgres Flexible Server-instantie op Azure skep of wysig. Dit stel jou in staat om te beheer watter IP-adresse of -reekse toegang tot die bediener kan hê. Onbevoegde of onvanpaste gebruik van hierdie toestemming kan die bediener aan ongewenste of kwaadwillige toegang blootstel.
{% code overflow="wrap" %}
```bash
# Create Rule
az postgres flexible-server firewall-rule create \
--name <server_name> \
--resource-group <resource_group_name> \
--rule-name <rule_name> \
--start-ip-address <start_ip> \
--end-ip-address <end_ip>
# Update Rule
az postgres flexible-server firewall-rule update \
--name <server_name> \
--resource-group <resource_group_name> \
--rule-name <rule_name> \
--start-ip-address <start_ip> \
--end-ip-address <end_ip>
```
{% endcode %}
### "Microsoft.DBforPostgreSQL/flexibleServers/configurations/write" && "Microsoft.DBforPostgreSQL/flexibleServers/configurations/read"
Met hierdie toestemming kan jy die konfigurasie-instellings van 'n Postgres Flexible Server-instansie op Azure opdateer. Dit stel jou in staat om bedienerparameters soos prestasie-afstemming, sekuriteitskonfigurasies of operasionele instellings aan te pas.
{% code overflow="wrap" %}
```bash
az postgres flexible-server parameter set \
--resource-group <resource_group_name> \
--server-name <server_name> \
--name <parameter_name> \
--value <parameter_value>
```
{% endcode %}
### "Microsoft.DBforPostgreSQL/flexibleServers/stop/action"
Met hierdie toestemming kan jy 'n PostgreSQL Flexible Server-instansie op Azure stop. Om 'n bediener te stop, kan lei tot tydelike diensonderbreking, wat toepassings en gebruikers wat van die databasis afhanklik is, beïnvloed.
{% code overflow="wrap" %}
```bash
az postgres flexible-server stop \
--name <server_name> \
--resource-group <resource_group_name>
```
{% endcode %}
### "Microsoft.DBforPostgreSQL/flexibleServers/start/action"
With this permission, you can start a stopped PostgreSQL Flexible Server instance on Azure. Starting a server restores its availability, enabling applications and users to reconnect and access the database.
{% code overflow="wrap" %}
```bash
az postgres flexible-server start \
--name <server_name> \
--resource-group <resource_group_name>
```
{% endcode %}
### "Microsoft.DBforPostgreSQL/flexibleServers/read", "Microsoft.DBforPostgreSQL/flexibleServers/write" && "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action"
With this permission, you can assign a user-assigned managed identity to postgres flexible servers.
{% code overflow="wrap" %}
```bash
az postgres flexible-server identiteit toewys \
--hulpbron-groep <ResourceGroupName> \
--bediener-naam <ServerName> \
--identiteit <IdentityName>
```
{% endcode %}
### "*/delete"
With this permissions you can delete resources related to postgres server in Azure such as server, firewalls, managed identities or configurations
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}