# GCP - Cloud SQL Persistence

{{#include ../../../banners/hacktricks-training.md}}

## Cloud SQL

For more information about Cloud SQL check:

{{#ref}}
../gcp-services/gcp-cloud-sql-enum.md
{{#endref}}

### Expose the database and whitelist your IP address

A database only accessible from an internal VPC can be exposed externally and your IP address can be whitelisted so you can access it.\
For more information check the technique in:

{{#ref}}
../gcp-post-exploitation/gcp-cloud-sql-post-exploitation.md
{{#endref}}

### Create a new user / Update users password / Get password of a user

To connect to a database you **just need access to the port** exposed by the database and a **username** and **password**. With e**nough privileges** you could **create a new user** or **update** an existing user **password**.\
Another option would be to **brute force the password of an user** by trying several password or by accessing the **hashed** password of the user inside the database (if possible) and cracking it.\
Remember that **it's possible to list the users of a database** using GCP API.

> [!NOTE]
> You can create/update users using GCP API or from inside the databae if you have enough permissions.

For more information check the technique in:

{{#ref}}
../gcp-post-exploitation/gcp-cloud-sql-post-exploitation.md
{{#endref}}

{{#include ../../../banners/hacktricks-training.md}}