# Az - PostgreSQL Databases {{#include ../../../banners/hacktricks-training.md}} ## Azure PostgreSQL **Azure Database for PostgreSQL** is 'n volledig bestuurde **relationele databasediens wat gebaseer is op die PostgreSQL** Gemeenskapsuitgawe. Dit is ontwerp om skaalbaarheid, sekuriteit en buigsaamheid te bied vir diverse toepassingsbehoeftes. Soos Azure MySQL, bied PostgreSQL twee ontplooiingsmodelle: * **Enkelbediener** (op die aftreepad): - Geoptimaliseer vir eenvoudige, kostedoeltreffende PostgreSQL-ontplooiings. - Kenmerke outomatiese rugsteun, basiese monitering en hoë beskikbaarheid. - Ideaal vir toepassings met voorspelbare werklas. * **Buigsame Bediener**: - Bied groter beheer oor databasisbestuur en konfigurasie. - Ondersteun hoë beskikbaarheid, beide in dieselfde sone en oor sones. - Kenmerke elastiese skaalbaarheid, outomatiese onderhoud en kostebesparende funksionaliteit. - Laat die begin en stop van die bediener toe om koste te optimaliseer. ### Sleutelkenmerke * **Pasgemaakte Onderhoudsvensters**: Skeduleer opdaterings om onderbrekings te minimaliseer. * **Aktiewe Monitering**: Toegang tot gedetailleerde metrieke en logs om databasisprestasie te volg en te verbeter. * **Stop/Begin Bediener**: Gebruikers kan die bediener stop en begin. * **Outomatiese Rugsteun**: Ingeboude daaglikse rugsteun met retensietydperke wat tot 35 dae konfigureerbaar is. * **Rolgebaseerde Toegang**: Beheer gebruikersregte en administratiewe toegang deur Azure Active Directory. * **Sekuriteit en Netwerk**: kan bediener-vuurmuurreëls bestuur vir veilige databasis toegang en ontkoppel virtuele netwerk konfigurasies soos nodig. ### Enumerasie {% tabs %} {% tab title="az cli" %} {% code overflow="wrap" %} ```bash # List servers in a resource group az postgres flexible-server list --resource-group # List databases in a flexible-server az postgres flexible-server db list --resource-group --server-name # Show specific details of a Postgre database az postgres flexible-server db show --resource-group --server-name --database-name # List firewall rules of the a server az postgres flexible-server firewall-rule list --resource-group --name # List parameter values for a felxible server az postgres flexible-server parameter list --resource-group --server-name # List private link az postgres flexible-server private-link-resource list --resource-group --server-name # List all ad-admin in a server az postgres flexible-server ad-admin list --resource-group --server-name # List all user assigned managed identities from the server az postgres flexible-server identity list --resource-group --server-name # List the server backups az postgres flexible-server backup list --resource-group --name # List all read replicas for a given server az postgres flexible-server replica list --resource-group --name # List migrations az postgres flexible-server migration list --resource-group --name # Get the server's advanced threat protection setting az postgres flexible-server advanced-threat-protection-setting show --resource-group --name # List all of the maintenances of a flexible server az postgres flexible-server maintenance list --resource-group --server-name # List log files for a server. az postgres flexible-server server-logs list --resource-group --server-name ``` {% endcode %} {% endtab %} {% tab title="Az PowerShell" %} {% code overflow="wrap" %} ```bash Get-Command -Module Az.PostgreSql # List flexible-servers in a resource group Get-AzPostgreSqlFlexibleServer -ResourceGroupName # List databases in a flexible-server Get-AzPostgreSqlFlexibleServerDatabase -ResourceGroupName -ServerName # List firewall rules of the a flexible-server Get-AzPostgreSqlFlexibleServerFirewallRule -ResourceGroupName -ServerName # List configuration settings of a flexible server Get-AzPostgreSqlFlexibleServerConfiguration -ResourceGroupName -ServerName # Get the connection string for a flexible server Get-AzPostgreSqlFlexibleServerConnectionString -ResourceGroupName -ServerName -Client Get-AzPostgreSqlFlexibleServerLocationBasedCapability -Location # List servers in a resource group Get-AzPostgreSqlServer -ResourceGroupName ``` {% endcode %} {% endtab %} {% endtabs %} ### Verbinding Met die uitbreiding rdbms-connect kan jy toegang tot die databasis verkry met: {% code overflow="wrap" %} ```bash az postgres flexible-server connect -n -u -p --interactive #or execute commands az postgres flexible-server execute \ -n \ -u \ -p "" \ -d \ --querytext "SELECT * FROM ;" ``` {% endcode %} Of {% code overflow="wrap" %} ```bash psql -h testpostgresserver1994.postgres.database.azure.com -p 5432 -U adminuser ``` {% endcode %} ## Verwysings * [https://learn.microsoft.com/en-us/azure/postgresql/](https://learn.microsoft.com/en-us/azure/postgresql/) * [https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/service-overview](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/service-overview) * [https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/overview](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/overview) ## Privilege Escalation {% content-ref url="../az-privilege-escalation/az-postgresql-privesc.md" %} [az-postgresql-privesc.md](../az-privilege-escalation/az-postgresql-privesc.md) {% endcontent-ref %} ## Post Exploitation {% content-ref url="../az-post-exploitation/az-postgresql-post-exploitation.md" %} [az-postgresql-post-exploitation.md](../az-post-exploitation/az-postgresql-post-exploitation.md) {% endcontent-ref %} ## ToDo * Soek 'n manier om met ad-admin toegang te verkry om te verifieer dat dit 'n privesc metode is {{#include ../../../banners/hacktricks-training.md}}