Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
For more information about Cloud SQL check:
GCP - Cloud SQL Enum
cloudsql.instances.update, ( cloudsql.instances.get)To connect to the databases you just need access to the database port and know the username and password, there isn't any IAM requirements. So, an easy way to get access, supposing that the database has a public IP address, is to update the allowed networks and allow your own IP address to access it.
It's also possible to use --no-backup to disrupt the backups of the database.
As these are the requirements I'm not completely sure what are the permissions cloudsql.instances.connect and cloudsql.instances.login for. If you know it send a PR!
cloudsql.users.listGet a list of all the users of the database:
cloudsql.users.createThis permission allows to create a new user inside the database:
cloudsql.users.updateThis permission allows to update user inside the database. For example, you could change its password:
cloudsql.instances.restoreBackup, cloudsql.backupRuns.getBackups might contain old sensitive information, so it's interesting to check them. Restore a backup inside a database:
To do it in a more stealth way it's recommended to create a new SQL instance and recover the data there instead of in the currently running databases.
cloudsql.backupRuns.deleteThis permission allow to delete backups:
cloudsql.instances.export, storage.objects.createExport a database to a Cloud Storage Bucket so you can access it from there:
cloudsql.instances.import, storage.objects.getImport a database (overwrite) from a Cloud Storage Bucket:
cloudsql.databases.deleteDelete a database from the db instance:
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
