Az - PostgreSQL Databases

Azure PostgreSQL

Azure Database for PostgreSQL is 'n volledig bestuurde relationele databasediens wat gebaseer is op die PostgreSQL Gemeenskapsuitgawe. Dit is ontwerp om skaalbaarheid, sekuriteit en buigsaamheid te bied vir diverse toepassingsbehoeftes. Soos Azure MySQL, bied PostgreSQL twee ontplooiingsmodelle:

Enkelbediener (op die aftreepad):

Geoptimaliseer vir eenvoudige, kostedoeltreffende PostgreSQL-ontplooiings.
Kenmerke outomatiese rugsteun, basiese monitering en hoë beskikbaarheid.
Ideaal vir toepassings met voorspelbare werklas.

Buigsame Bediener:

Bied groter beheer oor databasisbestuur en konfigurasie.
Ondersteun hoë beskikbaarheid, beide in dieselfde sone en oor sones.
Kenmerke elastiese skaalbaarheid, outomatiese onderhoud en kostebesparende funksionaliteit.
Laat die begin en stop van die bediener toe om koste te optimaliseer.

Sleutelkenmerke

Pasgemaakte Onderhoudsvensters: Skeduleer opdaterings om onderbrekings te minimaliseer.
Aktiewe Monitering: Toegang tot gedetailleerde metrieke en logs om databasisprestasie te volg en te verbeter.
Stop/Begin Bediener: Gebruikers kan die bediener stop en begin.
Outomatiese Rugsteun: Ingeboude daaglikse rugsteun met retensietydperke wat tot 35 dae konfigureerbaar is.
Rolgebaseerde Toegang: Beheer gebruikersregte en administratiewe toegang deur Azure Active Directory.
Sekuriteit en Netwerk: kan bediener-vuurmuurreëls bestuur vir veilige databasis toegang en ontkoppel virtuele netwerk konfigurasies soos nodig.

Enumerasie

{% tabs %} {% tab title="az cli" %} {% code overflow="wrap" %}

# List servers in a resource group
az postgres flexible-server list --resource-group <resource-group-name>
# List databases in a flexible-server
az postgres flexible-server db list --resource-group <resource-group-name> --server-name <server_name>
# Show specific details of a Postgre database
az postgres flexible-server db show --resource-group <resource-group-name> --server-name <server_name> --database-name <database_name>

# List firewall rules of the a server
az postgres flexible-server firewall-rule list --resource-group <resource-group-name> --name <server_name>
# List parameter values for a felxible server
az postgres flexible-server parameter list --resource-group <resource-group-name> --server-name <server_name>
# List private link
az postgres flexible-server private-link-resource list --resource-group <resource-group-name> --server-name <server_name>

# List all ad-admin in a server
az postgres flexible-server ad-admin list --resource-group <resource-group-name> --server-name <server_name>
# List all user assigned managed identities from the server
az postgres flexible-server identity list --resource-group <resource-group-name> --server-name <server_name>

# List the server backups
az postgres flexible-server backup list --resource-group <resource-group-name> --name <server_name>
# List all read replicas for a given server
az postgres flexible-server replica list --resource-group <resource-group-name> --name <server_name>
# List migrations
az postgres flexible-server migration list --resource-group <resource-group-name> --name <server_name>

# Get the server's advanced threat protection setting
az postgres flexible-server advanced-threat-protection-setting show --resource-group <resource-group-name> --name <server_name>
# List all of the maintenances of a flexible server
az postgres flexible-server maintenance list --resource-group <resource-group-name> --server-name <server_name>
# List log files for a server.
az postgres flexible-server server-logs list --resource-group <resource-group-name> --server-name <server_name>

{% endcode %} {% endtab %}

{% tab title="Az PowerShell" %} {% code overflow="wrap" %}

Get-Command -Module Az.PostgreSql

# List flexible-servers in a resource group
Get-AzPostgreSqlFlexibleServer -ResourceGroupName <resource-group-name>
# List databases in a flexible-server
Get-AzPostgreSqlFlexibleServerDatabase -ResourceGroupName <resource-group-name> -ServerName <server_name>

# List firewall rules of the a flexible-server
Get-AzPostgreSqlFlexibleServerFirewallRule -ResourceGroupName <resource-group-name> -ServerName <server_name>

# List configuration settings of a flexible server
Get-AzPostgreSqlFlexibleServerConfiguration -ResourceGroupName <resource-group-name> -ServerName <server_name>
# Get the connection string for a flexible server
Get-AzPostgreSqlFlexibleServerConnectionString -ResourceGroupName <resource-group-name> -ServerName <server_name> -Client <client>

Get-AzPostgreSqlFlexibleServerLocationBasedCapability -Location <location>

# List servers in a resource group
Get-AzPostgreSqlServer -ResourceGroupName <resource-group-name>

{% endcode %} {% endtab %} {% endtabs %}

Verbinding

Met die uitbreiding rdbms-connect kan jy toegang tot die databasis verkry met:

{% code overflow="wrap" %}

az postgres flexible-server connect -n <server-name> -u <username> -p <password> --interactive

#or execute commands
az postgres flexible-server execute \
-n <server-name> \
-u <username> \
-p "<password>" \
-d <database-name> \
--querytext "SELECT * FROM <table-name>;"

{% endcode %}

Of {% code overflow="wrap" %}

psql -h testpostgresserver1994.postgres.database.azure.com -p 5432 -U adminuser <database-name>

{% endcode %}

Verwysings

Privilege Escalation

{% content-ref url="../az-privilege-escalation/az-postgresql-privesc.md" %} az-postgresql-privesc.md {% endcontent-ref %}

Post Exploitation

{% content-ref url="../az-post-exploitation/az-postgresql-post-exploitation.md" %} az-postgresql-post-exploitation.md {% endcontent-ref %}

ToDo

Soek 'n manier om met ad-admin toegang te verkry om te verifieer dat dit 'n privesc metode is

6.4 KiB Raw Blame History