gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-30 22:50:43 -08:00
Code Issues Packages Projects Releases Wiki Activity

asd

Browse Source
This commit is contained in:
Jimmy
2025-02-20 00:55:53 +01:00
parent 4313cc72bc
commit e3ca81040e
8 changed files with 187 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
src/pentesting-cloud/azure-security/az-services/az-sql.md
View File

@@ -4,9 +4,7 @@
## Azure SQL
Azure SQL is a family of managed database products that use the **SQL Server database** engine in the Azure cloud. This means you don't have to worry about the physical administration of your servers, and you can focus on managing your data.
Assigned domain: `<server-name>.database.windows.net`
Azure SQL is a family of managed, secure, and intelligent products that use the **SQL Server database engine in the Azure cloud**. This means you don't have to worry about the physical administration of your servers, and you can focus on managing your data.
Azure SQL consists of four main offerings:
@@ -15,10 +13,6 @@ Azure SQL consists of four main offerings:
3. **Azure SQL Managed Instance**: This is for larger scale, entire SQL Server instance-scoped deployments.
4. **Azure SQL Server on Azure VMs**: This is best for architectures where you want **control over the operating system **and SQL Server instance.
## Azure SQL Server
Azure SQL Server is relational database management system (RDBMS) that uses Transact-SQL for data operations and is built to handle enterprise-level systems. It offers robust features for performance, security, scalability, and integration with various Microsoft applications. Azure SQL databases rely on this server, as these are built on this servers and it is the entrypoint for user to access the databases.
### SQL Server Security Features
**Network access:**
@@ -58,7 +52,6 @@ Note that if any SQL auth is allowed an admin user (username + password) needs t
**Deleted databases:**
- Its possible to restore DBs that have been deleted from existing backups.
## Azure SQL Database
**Azure SQL Database** is a **fully managed database platform as a service (PaaS)** that provides scalable and secure relational database solutions. It's built on the latest SQL Server technologies and eliminates the need for infrastructure management, making it a popular choice for cloud-based applications.
@@ -81,6 +74,14 @@ To create a SQL database its needed to indicate the SQL server where itll
A SQL database could be part of an **elastic Pool**. Elastic pools are a cost-effective solution for managing multiple databases by sharing configurable compute (eDTUs) and storage resources among them, with pricing based solely on the resources allocated rather than the number of databases.
#### Azure SQL Column Level Security (Masking) & Row Level Security
**Azure SQL's dynamic** data masking is a feature that helps **protect sensitive information by hiding it** from unauthorized users. Instead of altering the actual data, it dynamically masks the displayed data, ensuring that sensitive details like credit card numbers are obscured.
The **Dynamic Data Masking** affects to all users except the ones that are unmasked (these users need to be indicated) and administrators. It has the configuration option that specifies which SQL users are exempt from dynamic data masking, with **administrators always excluded**.
**Azure SQL Row Level Security (RLS)** is a feature that **controls which rows a user can view or modify**, ensuring each user only sees the data relevant to them. By creating security policies with filter or block predicates, organizations can enforce fine-grained access at the database level.
### Azure SQL Managed Instance
**Azure SQL Managed Instances** are for larger scale, entire SQL Server instance-scoped deployments. It provides near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine, which provides a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for on-premises SQL Server customers.
@@ -165,6 +166,30 @@ az sql midb show --resource-group <res-grp> --name <name>
# Lis all sql VM
az sql vm list
az sql vm show --resource-group <res-grp> --name <name>
# List schema by the database
az rest --method get \
--uri "https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Sql/servers/<serverName>/databases/<databaseName>/schemas?api-version=2021-11-01"
# Get tables of a database with the schema
az rest --method get \
--uri "https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Sql/servers/<serverName>/databases/<databaseName>/schemas/<schemaName>/tables?api-version=2021-11-01"
# Get columns of a database
az rest --method get \
--uri "https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Sql/servers/<serverName>/databases/<databaseName>/columns?api-version=2021-11-01"
# Get columns of a table
az rest --method get \
--uri "https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Sql/servers/<serverName>/databases/<databaseName>/schemas/<schemaName>/tables/<tableName>/columns?api-version=2021-11-01"
# Get DataMaskingPolicies of a database
az rest --method get \
--uri "https://management.azure.com/subscriptions/9291ff6e-6afb-430e-82a4-6f04b2d05c7f/resourceGroups/Resource_Group_1/providers/Microsoft.Sql/servers/getstorageserver/databases/masktest/dataMaskingPolicies/Default?api-version=2021-11-01"
az rest --method get \
--uri "https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Sql/servers/<serverName>/databases/<databaseName>/dataMaskingPolicies/Default/rules?api-version=2021-11-01"
```
{{#endtab}}
@@ -212,6 +237,33 @@ Get-AzSqlVM
{{#endtab}}
{{#endtabs}}
Additionally if you want to enumerate the Dynamic Data Masking, and Row Level policies, within the database, you can query:
```sql
--Enumerates the masked columns
SELECT
OBJECT_NAME(mc.object_id) AS TableName,
c.name AS ColumnName,
mc.masking_function AS MaskingFunction
FROM sys.masked_columns AS mc
JOIN sys.columns AS c
ON mc.object_id = c.object_id
AND mc.column_id = c.column_id
--Enumerates Row level policies
SELECT
sp.name AS PolicyName,
sp.is_enabled,
sp.create_date,
sp.modify_date,
OBJECT_NAME(sp.object_id) AS TableName,
sp2.predicate_definition AS PredicateDefinition
FROM sys.security_policies AS sp
JOIN sys.security_predicates AS sp2
ON sp.object_id = sp2.object_id;
```
### Connect and run SQL queries
You could find a connection string (containing credentials) from example [enumerating an Az WebApp](az-app-services.md):
@@ -264,3 +316,5 @@ sqlcmd -S <sql-server>.database.windows.net -U <server-user> -P <server-passwork