挂载 Filestore

共享文件系统 可能包含敏感信息,从攻击者的角度来看非常有趣。访问 Filestore 后,可以 挂载它

sudo apt-get update
sudo apt-get install nfs-common
# Check the share name
showmount -e <IP>
# Mount the share
mkdir /mnt/fs
sudo mount [FILESTORE_IP]:/[FILE_SHARE_NAME] /mnt/fs

要查找 filestore 实例的 IP 地址,请检查页面的枚举部分:

如果攻击者不在具有共享访问权限的 IP 地址上,但您有足够的权限进行修改,则可以移除对其的限制或访问权限。还可以授予您的 IP 地址更多权限,以便对共享拥有管理员访问权限:

gcloud filestore instances update nfstest \
--zone=<exact-zone> \

# Contents of nfs.json
"capacity": "1024",
"name": "<share-name>",
"nfs-export-options": [
"access-mode": "READ_WRITE",
"ip-ranges": [
"squash-mode": "NO_ROOT_SQUASH",
"anon_uid": 1003,
"anon_gid": 1003



# Create a new filestore if you don't want to modify the old one
gcloud filestore instances create <new-instance-name> \
--zone=<zone> \
--tier=STANDARD \
--file-share=name=vol1,capacity=1TB \

# Restore a backups in a new instance
gcloud filestore instances restore <new-instance-name> \
--zone=<zone> \
--file-share=<instance-file-share-name> \
--source-backup=<backup-name> \

# Follow the previous section commands to mount it



# Create share backup
gcloud filestore backups create <back-name> \
--region=<region> \
--instance=<instance-name> \
--instance-zone=<instance-zone> \

# Follow the previous section commands to restore it and mount it
