gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-18 23:55:38 -08:00
Code Issues Packages Projects Releases Wiki Activity

new

Browse Source
This commit is contained in:
Jimmy
2025-02-22 13:38:23 +01:00
parent 0148473b67
commit 58556acb7d
1 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/pentesting-cloud/azure-security/az-services/az-cosmosDB.md
View File

@@ -26,10 +26,10 @@ Within an account, you can create one or more databases, which serve as logical
The core unit of data storage is the container, which holds JSON documents and is automatically indexed for efficient querying. Containers are elastically scalable and distributed across partitions, which are determined by a user-defined partition key. The partition key is critical for ensuring optimal performance and even data distribution. For example, a container might store customer data, with "customerId" as the partition key.
#### Key Features
**Global Distribution**: Enable or disable Geo-Redundancy for cross-region replication and Multi-region Writes for improved availability.
**Networking & Security**: between public (all/select networks) or private endpoints for connectivity. Secure connections with TLS 1.2 encryption. Supports CORS (Cross-Origin Resource Sharing) for controlled access to resources. Microsoft Defender for Cloud can be enabled. To make the connection you can make use of keys.
**Backup & Recovery**: from Periodic, Continuous (7 days), or Continuous (30 days) backup policies with configurable intervals and retention.
**Data Encryption**: Default service-managed keys or customer-managed keys (CMK) for encryption (CMK selection is irreversible).
- **Global Distribution**: Enable or disable Geo-Redundancy for cross-region replication and Multi-region Writes for improved availability.
- **Networking & Security**: between public (all/select networks) or private endpoints for connectivity. Secure connections with TLS 1.2 encryption. Supports CORS (Cross-Origin Resource Sharing) for controlled access to resources. Microsoft Defender for Cloud can be enabled. To make the connection you can make use of keys.
- **Backup & Recovery**: from Periodic, Continuous (7 days), or Continuous (30 days) backup policies with configurable intervals and retention.
- **Data Encryption**: Default service-managed keys or customer-managed keys (CMK) for encryption (CMK selection is irreversible).
#### Enumeration
@@ -69,6 +69,19 @@ az cosmosdb sql trigger list --account-name <AccountName> --container-name <Cont
## List the NoSQL user defined functions under an Azure Cosmos DB NoSQL container
az cosmosdb sql user-defined-function list --account-name <AccountName> --container-name <ContainerName> --database-name <DatabaseName> --resource-group <ResourceGroupName>
## MongoDB (vCore)
# Install az cli extension
az extension add --name cosmosdb-preview
# List all MongoDB databases in a specified Azure Cosmos DB account
az cosmosdb mongocluster list
az cosmosdb mongocluster show --cluster-name <name> --resource-group <ResourceGroupName>
# Get firewall rules
az cosmosdb mongocluster firewall rule list --cluster-name <name> --resource-group <ResourceGroupName>
# Connect to in
brew install mongosh
mongosh "mongodb://<username>:<password>@<account-name>.mongo.cosmos.azure.com:10255/?ssl=true&replicaSet=globaldb&retryWrites=false" --username <username> --password <password>
```
{{#endtab }}