gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-27 21:23:07 -08:00
Code Issues Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
Carlos Polop
2025-02-20 13:08:24 +01:00
parent 892232fe26
commit bee34f3c05
13 changed files with 35 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
src/pentesting-cloud/azure-security/az-persistence/az-queue-persistance.md → src/pentesting-cloud/azure-security/az-persistence/az-queue-persistence.md
View File

0
src/pentesting-cloud/azure-security/az-persistence/az-sql-persistance.md → src/pentesting-cloud/azure-security/az-persistence/az-sql-persistence.md
View File

11
src/pentesting-cloud/azure-security/az-post-exploitation/az-mysql-post-exploitation.md
View File

@@ -20,17 +20,6 @@ az mysql flexible-server db create \
--database-name <database_name>
```
### `Microsoft.DBforMySQL/flexibleServers/backups/write`
With this permission, you can initiate the creation of backups for a MySQL Flexible Server instance on Azure. This allows users to generate on-demand backups, which can be useful for preserving data at specific points in time.
```bash
az mysql flexible-server backup create \
--name <server_name> \
--resource-group <resource_group_name>
--backup-name <backup_name>
```
### `Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings/write`
With this permission, you can configure or update the Advanced Threat Protection (ATP) settings for a MySQL Flexible Server instance on Azure. This allows enabling or diabling security features designed to detect and respond to anomalous activities and potential threats.

20
src/pentesting-cloud/azure-security/az-post-exploitation/az-postgresql-post-exploitation.md
View File

@@ -9,6 +9,16 @@ For more information about PostgreSQL Database check:
../az-services/az-postgresql.md
{{#endref}}
### Use pg_azure_storage extension to access Storage accounts
It's possible to use the extension **`pg_azure_storage` to access Azure Storage accounts** from a PostgreSQL server. This will use the permissions of the managed identity assigned to the server to access the storage account.
For more information check this technique explained in the privilege escalation section:
{{#ref}}
../az-privilege-escalation/az-postgresql-privesc.md
{{#endref}}
### `Microsoft.DBforPostgreSQL/flexibleServers/databases/write` && `Microsoft.DBforPostgreSQL/flexibleServers/databases/read`
With this permission, you can create new databases within a Postgres Flexible Server instance on Azure. While this action itself does not modify existing resources, excessive or unauthorized creation of databases could lead to resource consumption, or potential misuse of the server.
@@ -20,16 +30,6 @@ az postgres flexible-server db create \
--database-name <database_name>
```
### `Microsoft.DBforPostgreSQL/flexibleServers/backups/write`
With this permission, you can initiate the creation of backups for a Postgres Flexible Server instance on Azure. This allows users to generate on-demand backups, which can be useful for preserving data at specific points in time.
```bash
az postgres flexible-server backup create \
--name <server_name> \
--resource-group <resource_group_name>
--backup-name <backup_name>
```
### `Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/write` && `Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/read`

2
src/pentesting-cloud/azure-security/az-privilege-escalation/az-mysql-privesc.md
View File

@@ -11,7 +11,7 @@ For more information about SQL Database check:
### `Microsoft.DBforMySQL/flexibleServers/read` && `Microsoft.DBforMySQL/flexibleServers/write`
With this permission, you can create, update, or delete MySQL Flexible Server instances on Azure. This includes provisioning new servers, modifying existing server configurations, or decommissioning servers.
With this permission, you can create, update, or delete MySQL Flexible Server instances on Azure. This includes provisioning new servers, modifying existing server configurations, decommissioning servers or changing the admins user's password.
```bash
az mysql flexible-server create \

4
src/pentesting-cloud/azure-security/az-privilege-escalation/az-postgresql-privesc.md
View File

@@ -11,7 +11,7 @@ For more information about SQL Database check:
### `Microsoft.DBforPostgreSQL/flexibleServers/read` && `Microsoft.DBforPostgreSQL/flexibleServers/write`
With this permission, you can create, update, or delete PostgreSQL Flexible Server instances on Azure. This includes provisioning new servers, modifying existing server configurations, or decommissioning servers.
With this permission, you can create, update, or delete PostgreSQL Flexible Server instances on Azure. This includes provisioning new servers, modifying existing server configurations, decommissioning servers, or change the admin user's password.
```bash
az postgres flexible-server create \
@@ -35,7 +35,7 @@ az postgres flexible-server update \
--admin-password <password_to_update>
```
Furthermore, with the permissions you can enalbe the assign identity, an opertate with the managed identity attached to the server. Here you can find all the extensions that Azure PostgreSQL flexible server supports [https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/reference-extensions](https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/reference-extensions). To be able to use these extensions some server parameters (azure.extensions) need to be changed. For example here with a managed identity that can access Azure Storage:
Furthermore, with the permissions you can enable the assigned identity, and operate with the managed identity attached to the server. Here you can find all the extensions that Azure PostgreSQL flexible server supports [https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/reference-extensions](https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/reference-extensions). To be able to use these extensions some server parameters (azure.extensions) need to be changed. For example here with a managed identity that can access Azure Storage:
First we change the parameters and be sure the assigned identity is enabled:
```bash

18
src/pentesting-cloud/azure-security/az-services/az-mysql.md
View File

@@ -15,11 +15,17 @@ Azure Database for MySQL is a fully managed relational database service based on
- Features elastic scaling, patch management, and workload optimization.
- Offers stop/start functionality for cost savings.
### Key Features
* **Server Management**: The **ad-admin** feature allows managing Azure Entra ID administrators for MySQL servers, providing control over administrative access via Entra ID credentials. Mysql supports User Managed Identities, used to autenticate without the need of credentials, and can be used by other services.
* **Lifecycle Management**: options to start or stop a server, delete a flexible server instance, restart a server to quickly apply configuration changes, and wait to ensure a server meets specific conditions before proceeding with automation scripts.
* **Security and Networking**: Secure your server by restricting connections through firewall rules that only allow specific public IP addresses, or by using private endpoints that integrate your server into a virtual network. All connections are protected with TLS 1.2 encryption. Databases, backups, and logs are encrypted at rest by default using service-managed keys or custom keys.
* **Data Protection and Backup**: includes options to manage flexible server backups for data recovery, perform geo-restore to recover a server in a different region, export server backups for external use (in Preview), and restore a server from backup to a specific point in time.
### Security Features
**The options are very similar to an Azure SQL Server.**
* **Authentication**: Its possible to configure the authentication as MySQL auth only, Entra ID auth only or both MySQL and Entra ID auth.
* If MySQL auth is enabled itll be possible to login with username + password
* If Entrad ID is configured the MySQL requires a user-assigned MI with enough permissions mentioned **[here](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-azure-ad#configure-the-microsoft-entra-admin)** and an Entra ID principal must be selected as admin.
* **Networking**: Its possible to allow public access indicating allowed IP addresses and private endpoints can also be used. Moreover its possible to allow access from any Azure service and configure more firewall rules.
* **Encryption**: All connections are protected with TLS 1.2 encryption. Databases, backups, and logs are encrypted at rest by default using service-managed keys but custom keys could also be used.
* **Data Protection and Backup**: Includes options to manage flexible server backups for data recover, and restore a server from backup to a specific point in time.
### Enumeration
@@ -27,7 +33,7 @@ Azure Database for MySQL is a fully managed relational database service based on
{{#tab name="az cli" }}
```bash
# List all flexible-servers
az mysql flexible-server db list --resource-group <resource-group-name>
az mysql flexible-server list --resource-group <resource-group-name>
# List databases in a flexible-server
az mysql flexible-server db list --resource-group <resource-group-name> --server-name <server_name>
# Show specific details of a MySQL database

2
src/pentesting-cloud/azure-security/az-services/az-queue.md
View File

@@ -83,7 +83,7 @@ $queueMessage.Value
### Persistence
{{#ref}}
../az-persistence/az-queue-persistance.md
../az-persistence/az-queue-persistence.md
{{#endref}}
## References

2
src/pentesting-cloud/azure-security/az-services/az-sql.md
View File

@@ -343,7 +343,7 @@ sqlcmd -S <sql-server>.database.windows.net -U <server-user> -P <server-passwork
### Persistence
{{#ref}}
../az-persistence/az-sql-persistance.md
../az-persistence/az-sql-persistence.md
{{#endref}}
{{#include ../../../banners/hacktricks-training.md}}

2
src/pentesting-cloud/gcp-security/gcp-persistence/gcp-non-svc-persistance.md → src/pentesting-cloud/gcp-security/gcp-persistence/gcp-non-svc-persistence.md
View File

@@ -1,4 +1,4 @@
# GCP - Token Persistance
# GCP - Token Persistence
{{#include ../../../banners/hacktricks-training.md}}

2
src/pentesting-cloud/gcp-security/gcp-to-workspace-pivoting/README.md
View File

@@ -133,7 +133,7 @@ Check **more enumeration in**:
You can find further information about the `gcloud` flow to login in:
{{#ref}}
../gcp-persistence/gcp-non-svc-persistance.md
../gcp-persistence/gcp-non-svc-persistence.md
{{#endref}}
As explained there, gcloud can request the scope **`https://www.googleapis.com/auth/drive`** which would allow a user to access the drive of the user.\

2
src/pentesting-cloud/workspace-security/gws-google-platforms-phishing/README.md
View File

@@ -146,7 +146,7 @@ Go to **`http://localhost:8000`** click on the Login with Google button, you wil
The application will show the **access and refresh token** than can be easily used. For more information about **how to use these tokens check**:
{{#ref}}
../../gcp-security/gcp-persistence/gcp-non-svc-persistance.md
../../gcp-security/gcp-persistence/gcp-non-svc-persistence.md
{{#endref}}
#### Using `glcoud`