Basic Information

Google Cloud SQL is a managed service that simplifies setting up, maintaining, and administering relational databases like MySQL, PostgreSQL, and SQL Server on Google Cloud Platform, removing the need to handle tasks like hardware provisioning, database setup, patching, and backups.

Key features of Google Cloud SQL include:

1. Fully Managed: Google Cloud SQL is a fully-managed service, meaning that Google handles database maintenance tasks like patching, updates, backups, and configuration.

2. Scalability: It provides the ability to scale your database's storage capacity and compute resources, often without downtime.

3. High Availability: Offers high availability configurations, ensuring your database services are reliable and can withstand zone or instance failures.

4. Security: Provides robust security features like data encryption, Identity and Access Management (IAM) controls, and network isolation using private IPs and VPC.

5. Backups and Recovery: Supports automatic backups and point-in-time recovery, helping you safeguard and restore your data.

6. Integration: Seamlessly integrates with other Google Cloud services, providing a comprehensive solution for building, deploying, and managing applications.

7. Performance: Offers performance metrics and diagnostics to monitor, troubleshoot, and improve database performance.

Password

In the web console Cloud SQL allows the user to set the password of the database, there also a generate feature, but most importantly, MySQL allows to leave an empty password and all of them allows to set as password just the char "a":

It's also possible to configure a password policy requiring length, complexity, disabling reuse and disabling username in password. All are disabled by default.

SQL Server can be configured with Active Directory Authentication.

Zone Availability

The database can be available in 1 zone or in multiple, of course, it's recommended to have important databases in multiple zones.

Encryption

By default a Google-managed encryption key is used, but it's also possible to select a Customer-managed encryption key (CMEK).

Connections

• Private IP: Indicate the VPC network and the database will get an private IP inside the network

• Public IP: The database will get a public IP, but by default no-one will be able to connect

  • Authorized networks: Indicate public IP ranges that should be allowed to connect to the database

• Private Path: If the DB is connected in some VPC, it's possible to enable this option and give other GCP services like BigQuery access over it

Data Protection

• Daily backups: Perform automatic daily backups and indicate the number of backups you want to maintain.

• Point-in-time recovery: Allows you to recover data from a specific point in time, down to a fraction of a second.

• Deletion Protection: If enabled, the DB won't be able to be deleted until this feature is disabled

Enumeration

# Get SQL instances
gcloud sql instances list
gcloud sql instances describe <inst-name> # get IPs, CACert, settings

# Get database names inside an instance (like information_schema, sys...)
gcloud sql databases list --instance <intance-name>
gcloud sql databases describe <db-name> --instance <intance-name>

# Get usernames inside the db instance
gcloud sql users list --instance <intance-name>

# Backups
gcloud sql backups list --instance <intance-name>
gcloud sql backups describe <backup-name> --instance <intance-name>

Unauthenticated Enum

Post Exploitation

Persistence