Links

Az - SQL

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:

Basic Information

From the docs: Azure SQL is a family of managed, secure, and intelligent products that use the SQL Server database engine in the Azure cloud. This means you don't have to worry about the physical administration of your servers, and you can focus on managing your data.
Azure SQL consists of three main offerings:
  1. 1.
    Azure SQL Database: This is a fully-managed database service, which allows you to host individual databases in the Azure cloud. It offers built-in intelligence that learns your unique database patterns and provides customized recommendations and automatic tuning.
  2. 2.
    Azure SQL Managed Instance: This is for larger scale, entire SQL Server instance-scoped deployments. It provides near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine, which provides a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for on-premises SQL Server customers.
  3. 3.
    Azure SQL Server on Azure VMs: This is Infrastructure as a Service (IaaS) and is best for migrations where you want control over the operating system and SQL Server instance, like it was a server running on-premises.

Enumeration

az sql server list
az sql server show --resource-group <res-grp> --name <name>
az sql db list --server <server> --resource-group <res-grp>
az sql mi list
az sql mi show --resource-group <res-grp> --name <name>
az sql midb list
az sql midb show --resource-group <res-grp> --name <name>
az sql vm list
az sql vm show --resource-group <res-grp> --name <name>

Connect and run SQL queries

You could find a connection string (containing credentials) from example enumerating an Az WebApp:
function invoke-sql{
param($query)
$Connection_string = "Server=tcp:supercorp.database.windows.net,1433;Initial Catalog=flag;Persist Security Info=False;User ID=db_read;Password=gAegH!324fAG!#1fht;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
$Connection = New-Object System.Data.SqlClient.SqlConnection $Connection_string
$Connection.Open()
$Command = New-Object System.Data.SqlClient.SqlCommand
$Command.Connection = $Connection
$Command.CommandText = $query
$Reader = $Command.ExecuteReader()
while ($Reader.Read()) {
$Reader.GetValue(0)
}
$Connection.Close()
}
invoke-sql 'Select Distinct TABLE_NAME From information_schema.TABLES;'

References

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks: