From a2fc1bb9e4cd2524172a5bd93c0c86dc2449a97d Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Sun, 27 Apr 2025 23:34:53 +0200 Subject: [PATCH] add --- .../az-privilege-escalation/az-postgresql-privesc.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-postgresql-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-postgresql-privesc.md index 6d4185bed..846833ce0 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-postgresql-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-postgresql-privesc.md @@ -26,13 +26,19 @@ az postgres flexible-server create \ --version ``` -For example, this permissions allow changing the PostgreSQL password, usefull of course in case that PostgreSQL authentication is enabled. +For example, this permissions allow changing the PostgreSQL password, usefull of course in case that PostgreSQL authentication is enabled: ```bash +# Using the CLI az postgres flexible-server update \ --resource-group \ --name \ --admin-password + +# Using the API +az rest --method patch \ + --url "https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.DBforPostgreSQL/flexibleServers/?api-version=2024-11-01-preview" \ + --body '{"properties": {"administratorLoginPassword": ""}} ``` Furthermore, with the permissions you can enable the assigned identity, and operate with the managed identity attached to the server. Here you can find all the extensions that Azure PostgreSQL flexible server supports [https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/reference-extensions](https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/reference-extensions). To be able to use these extensions some server parameters (azure.extensions) need to be changed. For example here with a managed identity that can access Azure Storage: