# Az - PostgreSQL Databases
{% hint style="success" %}
Learn & practice AWS Hacking:
[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)
\
Learn & practice GCP Hacking:
[**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
## Azure PostgreSQL
**Azure Database for PostgreSQL** is a fully managed **relational database service based on the PostgreSQL** Community Edition. It is designed to provide scalability, security, and flexibility for diverse application needs. Similar to Azure MySQL, PostgreSQL offers two deployment models:
* **Single Server** (on the retirement path):
- Optimized for straightforward, cost-effective PostgreSQL deployments.
- Features automated backups, basic monitoring, and high availability.
- Ideal for applications with predictable workloads.
* **Flexible Server**:
- Provides greater control over database management and configuration.
- Supports high availability, both in the same zone and across zones.
- Features elastic scaling, automated maintenance, and cost-saving functionality.
- Allows starting and stopping the server to optimize costs.
### Key Features
* **Custom Maintenance Windows**: Schedule updates to minimize disruption.
* **Active Monitoring**: Access detailed metrics and logs to track and improve database performance.
* **Stop/Start Server**: Users can stop and start the server.
* **Automatic Backups**: Built-in daily backups with retention periods configurable up to 35 days.
* **Role-Based Access**: Control user permissions and administrative access through Azure Active Directory.
* **Security and Networking**: Manage server firewall rules for secure database access and detach virtual network configurations as needed.
### Enumeration
{% tabs %}
{% tab title="az cli" %}
{% code overflow="wrap" %}
```bash
# List servers in a resource group
az postgres flexible-server list --resource-group <resource-group-name>
# List databases in a flexible server
az postgres flexible-server db list --resource-group <resource-group-name> --server-name <server-name>
# Show specific details of a PostgreSQL database
az postgres flexible-server db show --resource-group <resource-group-name> --server-name <server-name> --database-name <database-name>
# List firewall rules of a server
az postgres flexible-server firewall-rule list --resource-group <resource-group-name> --name <server-name>
# List parameter values for a flexible server
az postgres flexible-server parameter list --resource-group <resource-group-name> --server-name <server-name>
# List private link resources
az postgres flexible-server private-link-resource list --resource-group <resource-group-name> --server-name <server-name>
# List all ad-admins in a server
az postgres flexible-server ad-admin list --resource-group <resource-group-name> --server-name <server-name>
# List all user-assigned managed identities from the server
az postgres flexible-server identity list --resource-group <resource-group-name> --server-name <server-name>
# List the server backups
az postgres flexible-server backup list --resource-group <resource-group-name> --name <server-name>
# List all read replicas for a given server
az postgres flexible-server replica list --resource-group <resource-group-name> --name <server-name>
# List migrations
az postgres flexible-server migration list --resource-group <resource-group-name> --name <server-name>
# Get the server's advanced threat protection setting
az postgres flexible-server advanced-threat-protection-setting show --resource-group <resource-group-name> --name <server-name>
# List all of the maintenances of a flexible server
az postgres flexible-server maintenance list --resource-group <resource-group-name> --server-name <server-name>
# List log files for a server
az postgres flexible-server server-logs list --resource-group <resource-group-name> --server-name <server-name>
```
{% endcode %}
{% endtab %}
{% tab title="Az PowerShell" %}
{% code overflow="wrap" %}
```powershell
# List the cmdlets available in the Az.PostgreSql module
Get-Command -Module Az.PostgreSql
# List flexible servers in a resource group
Get-AzPostgreSqlFlexibleServer -ResourceGroupName <resource-group-name>
# List databases in a flexible server
Get-AzPostgreSqlFlexibleServerDatabase -ResourceGroupName <resource-group-name> -ServerName <server-name>
# List firewall rules of a flexible server
Get-AzPostgreSqlFlexibleServerFirewallRule -ResourceGroupName <resource-group-name> -ServerName <server-name>
# List configuration settings of a flexible server
Get-AzPostgreSqlFlexibleServerConfiguration -ResourceGroupName <resource-group-name> -ServerName <server-name>
# Get the connection string for a flexible server
Get-AzPostgreSqlFlexibleServerConnectionString -ResourceGroupName <resource-group-name> -ServerName <server-name> -Client <client>
# Get the capabilities available in a location
Get-AzPostgreSqlFlexibleServerLocationBasedCapability -Location <location>
# List servers (Single Server) in a resource group
Get-AzPostgreSqlServer -ResourceGroupName <resource-group-name>
```
{% endcode %}
{% endtab %}
{% endtabs %}
### Connection
With the `rdbms-connect` extension you can access the database with:
{% code overflow="wrap" %}
```bash
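az postgres flexible-server connect -n <server-name> -u <username> -p <password> --interactive
# Or execute commands
az postgres flexible-server execute \
    -n <server-name> \
    -u <username> \
    -p "<password>" \
    -d <database-name> \
    --querytext "SELECT * FROM <table-name>;"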
```
{% endcode %}
Or
{% code overflow="wrap" %}
```bash
psql -h testpostgresserver1994.postgres.database.azure.com -p 5432 -U adminuser
```
{% endcode %}
## Privilege Escalation
{% content-ref url="../az-privilege-escalation/az-postgresql-privesc.md" %}
[az-postgresql-privesc.md](../az-privilege-escalation/az-postgresql-privesc.md)
{% endcontent-ref %}
## Post Exploitation
{% content-ref url="../az-post-exploitation/az-postgresql-post-exploitation.md" %}
[az-postgresql-post-exploitation.md](../az-post-exploitation/az-postgresql-post-exploitation.md)
{% endcontent-ref %}
## ToDo
* Look for a way to access with ad-admin to verify it's a privesc method