gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-14 22:03:11 -08:00
Code Issues Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
Carlos Polop
2025-02-20 13:08:24 +01:00
parent 892232fe26
commit bee34f3c05
13 changed files with 35 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/pentesting-cloud/azure-security/az-post-exploitation/az-mysql-post-exploitation.md
View File

@@ -20,17 +20,6 @@ az mysql flexible-server db create \
--database-name <database_name>
```
### `Microsoft.DBforMySQL/flexibleServers/backups/write`
With this permission, you can initiate the creation of backups for a MySQL Flexible Server instance on Azure. This allows users to generate on-demand backups, which can be useful for preserving data at specific points in time.
```bash
az mysql flexible-server backup create \
--name <server_name> \
--resource-group <resource_group_name>
--backup-name <backup_name>
```
### `Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings/write`
With this permission, you can configure or update the Advanced Threat Protection (ATP) settings for a MySQL Flexible Server instance on Azure. This allows enabling or diabling security features designed to detect and respond to anomalous activities and potential threats.

20
src/pentesting-cloud/azure-security/az-post-exploitation/az-postgresql-post-exploitation.md
View File

@@ -9,6 +9,16 @@ For more information about PostgreSQL Database check:
../az-services/az-postgresql.md
{{#endref}}
### Use pg_azure_storage extension to access Storage accounts
It's possible to use the extension **`pg_azure_storage` to access Azure Storage accounts** from a PostgreSQL server. This will use the permissions of the managed identity assigned to the server to access the storage account.
For more information check this technique explained in the privilege escalation section:
{{#ref}}
../az-privilege-escalation/az-postgresql-privesc.md
{{#endref}}
### `Microsoft.DBforPostgreSQL/flexibleServers/databases/write` && `Microsoft.DBforPostgreSQL/flexibleServers/databases/read`
With this permission, you can create new databases within a Postgres Flexible Server instance on Azure. While this action itself does not modify existing resources, excessive or unauthorized creation of databases could lead to resource consumption, or potential misuse of the server.
@@ -20,16 +30,6 @@ az postgres flexible-server db create \
--database-name <database_name>
```
### `Microsoft.DBforPostgreSQL/flexibleServers/backups/write`
With this permission, you can initiate the creation of backups for a Postgres Flexible Server instance on Azure. This allows users to generate on-demand backups, which can be useful for preserving data at specific points in time.
```bash
az postgres flexible-server backup create \
--name <server_name> \
--resource-group <resource_group_name>
--backup-name <backup_name>
```
### `Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/write` && `Microsoft.DBforPostgreSQL/flexibleServers/advancedThreatProtectionSettings/read`