add

Author: carlospolop

src/pentesting-cloud/azure-security/az-privilege-escalation/az-postgresql-privesc.md

@@ -26,13 +26,19 @@ az postgres flexible-server create \
     --version <PostgreSQLVersion>
 ```
 
-For example, this permissions allow changing the PostgreSQL password, usefull of course in case that PostgreSQL authentication is enabled.
+For example, this permissions allow changing the PostgreSQL password, usefull of course in case that PostgreSQL authentication is enabled:
 
 ```bash
+# Using the CLI
 az postgres flexible-server update \
     --resource-group <resource_group_name> \
     --name <server_name> \
     --admin-password <password_to_update>
+
+# Using the API
+az rest --method patch \
+  --url "https://management.azure.com/subscriptions/<subscription>/resourceGroups/<res-group>/providers/Microsoft.DBforPostgreSQL/flexibleServers/<server-name>?api-version=2024-11-01-preview" \
+  --body '{"properties": {"administratorLoginPassword": "<new-password>"}}
 ```
 
 Furthermore, with the permissions you can enable the assigned identity, and operate with the managed identity attached to the server. Here you can find all the extensions that Azure PostgreSQL flexible server supports [https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/reference-extensions](https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/reference-extensions). To be able to use these extensions some server parameters (azure.extensions) need to be changed. For example here with a managed identity that can access Azure Storage: