GCP - Cloud SQL Post Exploitation
Cloud SQL
For more information about Cloud SQL check: GCP - Cloud SQL Enum
cloudsql.instances.update, (cloudsql.instances.get)
To connect to the databases you only need access to the database port and the username and password; there are no IAM requirements. So, supposing the database has a public IP address, an easy way to get access is to update the allowed networks and allow your own IP address to reach it.
It's also possible to use --no-backup to disrupt the backups of the database.
As these are the requirements, I'm not completely sure what the permissions cloudsql.instances.connect and cloudsql.instances.login are for. If you know, send a PR!
cloudsql.users.list
Get a list of all the users of the database:
cloudsql.users.create
This permission allows creating a new user inside the database:
cloudsql.users.update
This permission allows updating a user inside the database. For example, you could change its password:
cloudsql.instances.restoreBackup, cloudsql.backupRuns.get
Backups might contain old sensitive information, so it's worth checking them. Restore a backup inside a database:
To do it in a stealthier way, it's recommended to create a new SQL instance and recover the data there instead of in the currently running databases.
cloudsql.backupRuns.delete
This permission allows deleting backups:
cloudsql.instances.export, storage.objects.create
Export a database to a Cloud Storage bucket so you can access it from there:
cloudsql.instances.import, storage.objects.get
Import a database (overwriting it) from a Cloud Storage bucket:
cloudsql.databases.delete
Delete a database from the DB instance:
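From the defender's side, every action listed on this page is a Cloud SQL Admin API call that lands in Cloud Audit Logs. The following is an added example (not part of this page or of any Google tooling) that triages constructed audit-log entries for exactly those methods and surfaces the authorized-networks change behind the connection trick described above; the log field layout (protoPayload.serviceName, methodName, request.settings.ipConfiguration.authorizedNetworks) is assumed to follow the Admin API's request shape.

```python
# Assumed log shape: protoPayload.serviceName == "cloudsql.googleapis.com", methodName
# holds the API method, request mirrors the Admin API body (settings.ipConfiguration...).
SERVICE = "cloudsql.googleapis.com"

# Methods named on this page, with what a defender should read into each call.
RISKY_METHODS = {
    "cloudsql.instances.update": "instance settings changed (authorized networks / backups)",
    "cloudsql.users.create": "new database user created",
    "cloudsql.users.update": "database user modified (e.g. password reset)",
    "cloudsql.instances.restoreBackup": "backup restored into an instance",
    "cloudsql.backupRuns.delete": "backup deleted",
    "cloudsql.instances.export": "database exported to a Cloud Storage bucket",
    "cloudsql.instances.import": "database overwritten from a Cloud Storage bucket",
    "cloudsql.databases.delete": "database deleted",
}

def authorized_networks(entry):
    """Return CIDRs from an instances.update request body (empty if none present)."""
    req = entry.get("protoPayload", {}).get("request", {})
    ip_cfg = req.get("settings", {}).get("ipConfiguration", {})
    return [n.get("value") for n in ip_cfg.get("authorizedNetworks", []) if n.get("value")]

def triage(entries):
    """Return (principal, method, detail) for every risky Cloud SQL Admin call."""
    findings = []
    for e in entries:
        p = e.get("protoPayload", {})
        method = p.get("methodName")
        if p.get("serviceName") != SERVICE or method not in RISKY_METHODS:
            continue
        detail = RISKY_METHODS[method]
        nets = authorized_networks(e) if method == "cloudsql.instances.update" else []
        if nets:  # the allow-list change that opens the DB port to new source IPs
            detail += "; authorizedNetworks now " + ", ".join(nets)
        principal = p.get("authenticationInfo", {}).get("principalEmail", "<unknown>")
        findings.append((principal, method, detail))
    return findings

# Constructed sample entries (not real logs): a benign read, an allow-list change, a backup deletion.
SAMPLE_ENTRIES = [
    {"protoPayload": {"serviceName": SERVICE, "methodName": "cloudsql.instances.get",
                      "authenticationInfo": {"principalEmail": "dev@example.com"}}},
    {"protoPayload": {"serviceName": SERVICE, "methodName": "cloudsql.instances.update",
                      "authenticationInfo": {"principalEmail": "ci-sa@example.com"},
                      "request": {"settings": {"ipConfiguration": {
                          "authorizedNetworks": [{"value": "203.0.113.7/32"}]}}}}},
    {"protoPayload": {"serviceName": SERVICE, "methodName": "cloudsql.backupRuns.delete",
                      "authenticationInfo": {"principalEmail": "ci-sa@example.com"}}},
]

for principal, method, detail in triage(SAMPLE_ENTRIES):
    print(f"{principal}: {method} -> {detail}")
```

In a real pipeline the entries would come from a Logging sink filtered on the Cloud SQL service; a new CIDR in authorizedNetworks from an unexpected principal is the signal worth alerting on.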