Merge pull request #161 from JaimePolop/master

sql and servicebus
HackTricks-wiki · Feb 17, 2025 · 2f5dd46 · 2f5dd46
2 parents 031f2af + e1504e8
commit 2f5dd46
Show file tree

Hide file tree

Showing 15 changed files with 394 additions and 170 deletions.
diff --git a/searchindex.js b/searchindex.js
diff --git a/searchindex.json b/searchindex.json
diff --git a/src/pentesting-cloud/aws-security/aws-services/aws-organizations-enum.md b/src/pentesting-cloud/aws-security/aws-services/aws-organizations-enum.md
@@ -42,7 +42,7 @@ aws iam get-account-summary
 
 ## References
 
-- https://aws.amazon.com/organizations/
+- [https://aws.amazon.com/organizations/](https://aws.amazon.com/organizations/)
 
 {{#include ../../../banners/hacktricks-training.md}}
 

diff --git a/src/pentesting-cloud/aws-security/aws-services/aws-sqs-and-sns-enum.md b/src/pentesting-cloud/aws-security/aws-services/aws-sqs-and-sns-enum.md
@@ -48,7 +48,7 @@ aws sqs send-message --queue-url <value> --message-body <value>
 
 ## References
 
-- https://docs.aws.amazon.com/cdk/api/v2/python/aws\_cdk.aws\_sqs/README.html
+- [https://docs.aws.amazon.com/cdk/api/v2/python/aws\_cdk.aws\_sqs/README.html](https://docs.aws.amazon.com/cdk/api/v2/python/aws\_cdk.aws\_sqs/README.html)
 
 {{#include ../../../banners/hacktricks-training.md}}
 

diff --git a/src/pentesting-cloud/azure-security/az-persistence/az-queue-persistance.md b/src/pentesting-cloud/azure-security/az-persistence/az-queue-persistance.md
@@ -24,9 +24,9 @@ az storage queue policy set --name <queue-name> --permissions rwd --expiry 2024-
 
 ## References
 
-- https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues
-- https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api
-- https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes
+- [https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues](https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues)
+- [https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api](https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api)
+- [https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes](https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes)
 
 {{#include ../../../banners/hacktricks-training.md}}
 

diff --git a/...testing-cloud/azure-security/az-post-exploitation/az-queue-post-exploitation.md b/...testing-cloud/azure-security/az-post-exploitation/az-queue-post-exploitation.md
@@ -82,9 +82,9 @@ az storage queue policy set --name <queue-name> --permissions rwd --expiry 2024-
 
 ## References
 
-- https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues
-- https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api
-- https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes
+- [https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues](https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues)
+- [https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api](https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api)
+- [https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes](https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes)
 
 {{#include ../../../banners/hacktricks-training.md}}
 

diff --git a/...ng-cloud/azure-security/az-post-exploitation/az-servicebus-post-exploitation.md b/...ng-cloud/azure-security/az-post-exploitation/az-servicebus-post-exploitation.md
@@ -42,15 +42,6 @@ An attacker with this permission can delete an Azure Service Bus subscription. T
 az servicebus topic subscription delete --resource-group <ResourceGroupName> --namespace-name <NamespaceName> --topic-name <TopicName> --name <SubscriptionName>
 ```
 
-### Actions: `Microsoft.ServiceBus/namespaces/write` & `Microsoft.ServiceBus/namespaces/read`
-
-An attacker with permissions to create or modify Azure Service Bus namespaces can exploit this to disrupt operations, deploy unauthorized resources, or expose sensitive data. They can alter critical configurations such as enabling public network access, downgrading encryption settings, or changing SKUs to degrade performance or increase costs. Additionally, they could disable local authentication, manipulate replica locations, or adjust TLS versions to weaken security controls, making namespace misconfiguration a significant post-exploitation risk.
-
-```bash
-az servicebus namespace create --resource-group <ResourceGroupName> --name <NamespaceName> --location <Location>
-az servicebus namespace update --resource-group <ResourceGroupName> --name <NamespaceName> --tags <Key=Value>
-```
-
 ### Actions: `Microsoft.ServiceBus/namespaces/queues/write` (`Microsoft.ServiceBus/namespaces/queues/read`)
 
 An attacker with permissions to create or modify Azure Service Bus queues (to modiffy the queue you will also need the Action:`Microsoft.ServiceBus/namespaces/queues/read`) can exploit this to intercept data, disrupt workflows, or enable unauthorized access. They can alter critical configurations such as forwarding messages to malicious endpoints, adjusting message TTL to retain or delete data improperly, or enabling dead-lettering to interfere with error handling. Additionally, they could manipulate queue sizes, lock durations, or statuses to disrupt service functionality or evade detection, making this a significant post-exploitation risk.
@@ -88,13 +79,13 @@ Take a look here:
 
 ## References
 
-- https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues
-- https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api
-- https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes
-- https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-python-how-to-use-topics-subscriptions?tabs=passwordless
-- https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration#microsoftservicebus
-- https://learn.microsoft.com/en-us/cli/azure/servicebus/namespace?view=azure-cli-latest
-- https://learn.microsoft.com/en-us/cli/azure/servicebus/queue?view=azure-cli-latest
+- [https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues](https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues)
+- [https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api](https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api)
+- [https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes](https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes)
+- [https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-python-how-to-use-topics-subscriptions?tabs=passwordless](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-python-how-to-use-topics-subscriptions?tabs=passwordless)
+- [https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration#microsoftservicebus](https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration#microsoftservicebus)
+- [https://learn.microsoft.com/en-us/cli/azure/servicebus/namespace?view=azure-cli-latest](https://learn.microsoft.com/en-us/cli/azure/servicebus/namespace?view=azure-cli-latest)
+- [https://learn.microsoft.com/en-us/cli/azure/servicebus/queue?view=azure-cli-latest](https://learn.microsoft.com/en-us/cli/azure/servicebus/queue?view=azure-cli-latest)
 
 {{#include ../../../banners/hacktricks-training.md}}
 

diff --git a/...entesting-cloud/azure-security/az-post-exploitation/az-sql-post-exploitation.md b/...entesting-cloud/azure-security/az-post-exploitation/az-sql-post-exploitation.md
@@ -12,7 +12,7 @@ For more information about SQL Database check:
 
 ### `Microsoft.Sql/servers/databases/read`, `Microsoft.Sql/servers/read` && `Microsoft.Sql/servers/databases/write`
 
-With these permissions, an attacker can create and update databases within the compromised environment. This post-exploitation activity could allow an attacker to add malicious data, modify database configurations, or insert backdoors for further persistence, potentially disrupting operations or enabling additional malicious actions.
+With these permissions, an attacker can create and update databases within the compromised environment. This post-exploitation activity could allow an attacker to add malicious data, modify database configurations, or insert backdoors for further persistence, potentially disrupting operations or enabling additional malicious actions. 
 
 ```bash
 # Create Database
@@ -22,6 +22,18 @@ az sql db create --resource-group <resource-group> --server <server-name> --name
 az sql db update --resource-group <resource-group> --server <server-name> --name <database-name> --max-size <max-size-in-bytes>
 ```
 
+With this permissions (`Microsoft.Sql/servers/read` && `Microsoft.Sql/servers/databases/write`) you can restore a deleted database:
+
+```bash
+az sql db restore \
+  --dest-name <new_database_name> \
+  --name <original_database_name> \
+  --resource-group <resource_group> \
+  --server <server_name> \
+  --deleted-time "<deleted_time_ISO_format>"
+
+```
+
 ### `Microsoft.Sql/servers/elasticPools/write` && `Microsoft.Sql/servers/elasticPools/read`
 
 With these permissions, an attacker can create and update elasticPools within the compromised environment. This post-exploitation activity could allow an attacker to add malicious data, modify database configurations, or insert backdoors for further persistence, potentially disrupting operations or enabling additional malicious actions.
@@ -99,6 +111,51 @@ az sql db import --admin-user <admin-user> \
 --storage-uri `https://<storage-account-name>.blob.core.windows.net/bacpac-container/MyDatabase.bacpac`
 ```
 
+### `Microsoft.Sql/servers/connectionPolicies/write` && `Microsoft.Sql/servers/connectionPolicies/read`
+
+With this permissions, a user can modify and retrieve the connection policies of an Azure SQL server. These permissions allow someone to change how clients connect to the server—choosing between methods like redirect or proxy—which could be exploited to weaken security, redirect traffic, or intercept sensitive data if misconfigured.
+
+```bash
+az sql server conn-policy update \
+  --resource-group <resource_group> \
+  --server <server_name> \
+  --connection-policy <policy>
+```
+
+### `Microsoft.Sql/servers/keys/write` && `Microsoft.Sql/servers/keys/read`
+
+With this permissions, a user can update and retrieve encryption keys associated with an Azure SQL Server. These keys are often used for securing sensitive data through encryption, so manipulating them could compromise data security by allowing unauthorized decryption or key rotation changes.
+
+```bash
+az sql server key create \
+  --resource-group MyResourceGroup \
+  --server MyServer \
+  --kid "https://mykeyvault.vault.azure.net/keys/mykey/1234567890abcdef
+```
+
+### `Microsoft.Sql/servers/databases/ledgerDigestUploads/disable/action`, `Microsoft.Sql/locations/ledgerDigestUploadsAzureAsyncOperation/read`, `Microsoft.Sql/locations/ledgerDigestUploadsOperationResults/read`
+
+This permissions permission allows disabling Ledger Digest for an Azure SQL Database, which stops the periodic uploading of cryptographic digest records to Azure Blob Storage that verifies the integrity of data.
+
+```bash
+az sql db ledger-digest-uploads disable \
+  --name ledgerDB \
+  --resource-group myResourceGroup \
+  --server my-sql-server
+```
+
+### `Microsoft.Sql/servers/databases/transparentDataEncryption/write`, `Microsoft.Sql/locations/transparentDataEncryptionAzureAsyncOperation/read`, `Microsoft.Sql/servers/databases/transparentDataEncryption/read`
+
+This permission allows an authorized user or attacker to enable, disable, or modify Transparent Data Encryption (TDE) settings on an Azure SQL database, potentially impacting data security by altering encryption configurations.
+
+```bash
+az sql db tde set \
+  --database <database-name> \
+  --resource-group <resource-group-name> \
+  --server <server-name> \
+  --status <Enabled|Disabled>
+```
+
 {{#include ../../../banners/hacktricks-training.md}}
 
 

diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-queue-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-queue-privesc.md
@@ -66,9 +66,9 @@ az storage queue policy set --name <queue-name> --permissions rwd --expiry 2024-
 
 ## References
 
-- https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues
-- https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api
-- https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes
+- [https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues](https://learn.microsoft.com/en-us/azure/storage/queues/storage-powershell-how-to-use-queues)
+- [https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api](https://learn.microsoft.com/en-us/rest/api/storageservices/queue-service-rest-api)
+- [https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes](https://learn.microsoft.com/en-us/azure/storage/queues/queues-auth-abac-attributes)
 
 {{#include ../../../banners/hacktricks-training.md}}