GCP - Compute Enum


GCP VPC & Networking

Learn how this works in:

Enumeration

# List networks
gcloud compute networks list
gcloud compute networks describe <network>

# List subnetworks
gcloud compute networks subnets list
gcloud compute networks subnets get-iam-policy <name> --region <region>
gcloud compute networks subnets describe <name> --region <region>

# List FW rules in networks
gcloud compute firewall-rules list --format="table(
name,
network,
direction,
priority,
sourceRanges.list():label=SRC_RANGES,
destinationRanges.list():label=DEST_RANGES,
allowed[].map().firewall_rule().list():label=ALLOW,
denied[].map().firewall_rule().list():label=DENY,
sourceTags.list():label=SRC_TAGS,
sourceServiceAccounts.list():label=SRC_SVC_ACCT,
targetTags.list():label=TARGET_TAGS,
targetServiceAccounts.list():label=TARGET_SVC_ACCT,
disabled
)"

# List Hierarchical Firewalls
gcloud compute firewall-policies list  (--folder <value>| --organization <value>)
gcloud compute firewall-policies describe <fw_policy>
gcloud compute firewall-policies list-rules <fw_policy>

# Get Firewalls of each region
gcloud compute network-firewall-policies list
## Get final FWs applied in a region
gcloud compute network-firewall-policies get-effective-firewalls --network=<vpc_name> --region <region>

์—ด๋ฆฐ ๋ฐฉํ™”๋ฒฝ ๊ทœ์น™์ด ์žˆ๋Š” ์ปดํ“จํŠธ ์ธ์Šคํ„ด์Šค๋ฅผ ์‰ฝ๊ฒŒ ์ฐพ์œผ๋ ค๋ฉด https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/gcp_firewall_enum์„ ์ฐธ์กฐํ•˜์„ธ์š”.

์ปดํ“จํŠธ ์ธ์Šคํ„ด์Šค

์ด๊ฒƒ์€ GCP ๋‚ด์—์„œ ๊ฐ€์ƒ ๋จธ์‹ ์„ ์‹คํ–‰ํ•˜๋Š” ๋ฐฉ๋ฒ•์ž…๋‹ˆ๋‹ค. ๋” ๋งŽ์€ ์ •๋ณด๋Š” ์ด ํŽ˜์ด์ง€๋ฅผ ํ™•์ธํ•˜์„ธ์š”:

์—ด๊ฑฐ

# Get list of zones
# It's interesting to know which zones are being used
gcloud compute regions list | grep -E "NAME|[^0]/"

# List compute instances & get info
gcloud compute instances list
gcloud compute instances describe <instance name>
gcloud compute instances get-iam-policy <instance> --zone=ZONE
gcloud compute instances get-screenshot <instance name> # Instance must have "Display Device" enabled
gcloud compute instances os-inventory list-instances # Get OS info of instances (OS Config agent is running on instances)


# Enumerate disks
gcloud compute disks list
gcloud compute disks describe <disk>
gcloud compute disks get-iam-policy <disk>

๋” ๋งŽ์€ ์ •๋ณด๋Š” ์ธ์Šคํ„ด์Šค์˜ SSH ๋˜๋Š” ๋ฉ”ํƒ€๋ฐ์ดํ„ฐ ์ˆ˜์ •์„ ํ†ตํ•ด ๊ถŒํ•œ ์ƒ์Šนํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•ด ์ด ํŽ˜์ด์ง€๋ฅผ ํ™•์ธํ•˜์„ธ์š”:

๊ถŒํ•œ ์ƒ์Šน

๋‹ค์Œ ํŽ˜์ด์ง€์—์„œ ์ปดํ“จํŠธ ๊ถŒํ•œ์„ ๋‚จ์šฉํ•˜์—ฌ ๊ถŒํ•œ์„ ์ƒ์Šน์‹œํ‚ค๋Š” ๋ฐฉ๋ฒ•์„ ํ™•์ธํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค:

์ธ์ฆ๋˜์ง€ ์•Š์€ ์—ด๊ฑฐ

ํฌ์ŠคํŠธ ์ต์Šคํ”Œ๋กœ์ž‡

์ง€์†์„ฑ

์ง๋ ฌ ์ฝ˜์†” ๋กœ๊ทธ

Compute Engine ์ง๋ ฌ ์ฝ˜์†” ๋กœ๊ทธ๋Š” ๊ฐ€์ƒ ๋จธ์‹  ์ธ์Šคํ„ด์Šค์˜ ๋ถ€ํŒ… ๋ฐ ์šด์˜ ์ฒด์ œ ๋กœ๊ทธ๋ฅผ ๋ณด๊ณ  ์ง„๋‹จํ•  ์ˆ˜ ์žˆ๋Š” ๊ธฐ๋Šฅ์ž…๋‹ˆ๋‹ค.

์ง๋ ฌ ์ฝ˜์†” ๋กœ๊ทธ๋Š” ์ธ์Šคํ„ด์Šค์˜ ๋ถ€ํŒ… ํ”„๋กœ์„ธ์Šค์— ๋Œ€ํ•œ ์ €์ˆ˜์ค€ ๋ทฐ๋ฅผ ์ œ๊ณตํ•˜๋ฉฐ, ์—ฌ๊ธฐ์—๋Š” ์ปค๋„ ๋ฉ”์‹œ์ง€, ์ดˆ๊ธฐํ™” ์Šคํฌ๋ฆฝํŠธ ๋ฐ ๋ถ€ํŒ… ์ค‘ ๋ฐœ์ƒํ•˜๋Š” ๊ธฐํƒ€ ์‹œ์Šคํ…œ ์ด๋ฒคํŠธ๊ฐ€ ํฌํ•จ๋ฉ๋‹ˆ๋‹ค. ์ด๋Š” ๋ถ€ํŒ… ๋ฌธ์ œ๋ฅผ ๋””๋ฒ„๊น…ํ•˜๊ฑฐ๋‚˜ ์ž˜๋ชป๋œ ๊ตฌ์„ฑ ๋˜๋Š” ์†Œํ”„ํŠธ์›จ์–ด ์˜ค๋ฅ˜๋ฅผ ์‹๋ณ„ํ•˜๊ฑฐ๋‚˜ ๋„คํŠธ์›Œํฌ ์—ฐ๊ฒฐ ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ•˜๋Š” ๋ฐ ์œ ์šฉํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ด ๋กœ๊ทธ๋Š” ๋ฏผ๊ฐํ•œ ์ •๋ณด๋ฅผ ๋…ธ์ถœํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ์ผ๋ฐ˜์ ์œผ๋กœ ๊ถŒํ•œ์ด ๋‚ฎ์€ ์‚ฌ์šฉ์ž๋Š” ๋ณผ ์ˆ˜ ์—†์ง€๋งŒ, ์ ์ ˆํ•œ IAM ๊ถŒํ•œ์ด ์žˆ์œผ๋ฉด ์ด๋ฅผ ์ฝ์„ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๋‹ค์Œ gcloud ๋ช…๋ น์–ด๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์ง๋ ฌ ํฌํŠธ ๋กœ๊ทธ๋ฅผ ์ฟผ๋ฆฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค(ํ•„์š”ํ•œ ๊ถŒํ•œ์€ compute.instances.getSerialPortOutput์ž…๋‹ˆ๋‹ค):

gcloud compute instances get-serial-port-output <instance-name>

Startup Scripts output

VM์—์„œ ์‹คํ–‰๋˜๋Š” ์‹œ์ž‘ ์Šคํฌ๋ฆฝํŠธ์˜ ์ถœ๋ ฅ์„ ๋ณผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค:

sudo journalctl -u google-startup-scripts.service

OS Configuration Manager

OS ๊ตฌ์„ฑ ๊ด€๋ฆฌ ์„œ๋น„์Šค๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ VM ์ธ์Šคํ„ด์Šค(VM)์˜ ์ผ๊ด€๋œ ๊ตฌ์„ฑ(์›ํ•˜๋Š” ์ƒํƒœ ๋ฐ ์†Œํ”„ํŠธ์›จ์–ด)์„ ๋ฐฐํฌ, ์ฟผ๋ฆฌ ๋ฐ ์œ ์ง€ ๊ด€๋ฆฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. Compute Engine์—์„œ๋Š” VM์—์„œ ์ผ๊ด€๋œ ์†Œํ”„ํŠธ์›จ์–ด ๊ตฌ์„ฑ์„ ์œ ์ง€ํ•˜๊ธฐ ์œ„ํ•ด ๊ฒŒ์ŠคํŠธ ์ •์ฑ…์„ ์‚ฌ์šฉํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

OS ๊ตฌ์„ฑ ๊ด€๋ฆฌ ๊ธฐ๋Šฅ์„ ์‚ฌ์šฉํ•˜๋ฉด ์–ด๋–ค ์†Œํ”„ํŠธ์›จ์–ด ํŒจํ‚ค์ง€๋ฅผ ์„ค์น˜ํ•ด์•ผ ํ•˜๋Š”์ง€, ์–ด๋–ค ์„œ๋น„์Šค๋ฅผ ํ™œ์„ฑํ™”ํ•ด์•ผ ํ•˜๋Š”์ง€, ์–ด๋–ค ํŒŒ์ผ์ด๋‚˜ ๊ตฌ์„ฑ์ด VM์— ์žˆ์–ด์•ผ ํ•˜๋Š”์ง€๋ฅผ ์ง€์ •ํ•˜๋Š” ๊ตฌ์„ฑ ์ •์ฑ…์„ ์ •์˜ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. VM์˜ ์†Œํ”„ํŠธ์›จ์–ด ๊ตฌ์„ฑ์„ ๊ด€๋ฆฌํ•˜๋Š” ์„ ์–ธ์  ์ ‘๊ทผ ๋ฐฉ์‹์„ ์‚ฌ์šฉํ•  ์ˆ˜ ์žˆ์œผ๋ฉฐ, ์ด๋ฅผ ํ†ตํ•ด ๊ตฌ์„ฑ ๊ด€๋ฆฌ ํ”„๋กœ์„ธ์Šค๋ฅผ ๋” ์‰ฝ๊ฒŒ ์ž๋™ํ™”ํ•˜๊ณ  ํ™•์žฅํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ด๊ฒƒ์€ IAM ๊ถŒํ•œ์„ ํ†ตํ•ด ์ธ์Šคํ„ด์Šค์— ๋กœ๊ทธ์ธํ•  ์ˆ˜ ์žˆ๊ฒŒ ํ•˜๋ฏ€๋กœ ๊ถŒํ•œ ์ƒ์Šน ๋ฐ ํ”ผ๋ฒ—์— ๋งค์šฐ ์œ ์šฉํ•ฉ๋‹ˆ๋‹ค.

์ „์ฒด ํ”„๋กœ์ ํŠธ ๋˜๋Š” ์ธ์Šคํ„ด์Šค์—์„œ os-config๋ฅผ ํ™œ์„ฑํ™”ํ•˜๋ ค๋ฉด ์›ํ•˜๋Š” ์ˆ˜์ค€์—์„œ ๋ฉ”ํƒ€๋ฐ์ดํ„ฐ ํ‚ค **enable-oslogin**์„ **true**๋กœ ์„ค์ •ํ•˜๊ธฐ๋งŒ ํ•˜๋ฉด ๋ฉ๋‹ˆ๋‹ค. ๋˜ํ•œ, 2fa๋ฅผ ํ™œ์„ฑํ™”ํ•˜๋ ค๋ฉด ๋ฉ”ํƒ€๋ฐ์ดํ„ฐ **enable-oslogin-2fa**๋ฅผ **true**๋กœ ์„ค์ •ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ธ์Šคํ„ด์Šค๋ฅผ ์ƒ์„ฑํ•  ๋•Œ ์ด๋ฅผ ํ™œ์„ฑํ™”ํ•˜๋ฉด ๋ฉ”ํƒ€๋ฐ์ดํ„ฐ ํ‚ค๊ฐ€ ์ž๋™์œผ๋กœ ์„ค์ •๋ฉ๋‹ˆ๋‹ค.

OS-config์—์„œ์˜ 2fa์— ๋Œ€ํ•œ ์ถ”๊ฐ€ ์ •๋ณด, ์‚ฌ์šฉ์ž๊ฐ€ ์‚ฌ์šฉ์ž์ผ ๊ฒฝ์šฐ์—๋งŒ ์ ์šฉ๋ฉ๋‹ˆ๋‹ค, ์„œ๋น„์Šค ๊ณ„์ •(SA, ์˜ˆ: ์ปดํ“จํŠธ SA)์ธ ๊ฒฝ์šฐ์—๋Š” ์ถ”๊ฐ€ ์š”๊ตฌ ์‚ฌํ•ญ์ด ์—†์Šต๋‹ˆ๋‹ค.
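As an added example (not code from this page), a posture check that resolves the effective **enable-oslogin** and **enable-oslogin-2fa** values per instance from project and instance metadata. It goes one step beyond the text above by applying GCP's documented precedence, where an instance-level key overrides the project-level one; the metadata objects are constructed in the shape of `gcloud compute project-info describe --format=json` (its `commonInstanceMetadata` object) and `gcloud compute instances list --format=json`, not real output.

```python
# Constructed sample metadata, shaped like the gcloud JSON output (not from a real project).
PROJECT_META = {"items": [{"key": "enable-oslogin", "value": "TRUE"}]}
INSTANCES = [
    {"name": "web-1", "metadata": {"items": []}},
    {"name": "legacy-db", "metadata": {"items": [{"key": "enable-oslogin", "value": "false"}]}},
    {"name": "bastion", "metadata": {"items": [{"key": "enable-oslogin", "value": "true"},
                                               {"key": "enable-oslogin-2fa", "value": "true"}]}},
]

def _flag(metadata, key):
    """Boolean value of a metadata key (case-insensitive 'true'), or None if the key is absent."""
    for item in metadata.get("items") or []:
        if item.get("key") == key:
            return item.get("value", "").strip().lower() == "true"
    return None

def effective_oslogin(project_meta, instance):
    """Resolve enable-oslogin / enable-oslogin-2fa for one instance.
    Instance metadata overrides project metadata; an unset key falls back to the
    project value and finally to False (the keys are off unless explicitly set)."""
    result = {}
    for key in ("enable-oslogin", "enable-oslogin-2fa"):
        value = _flag(instance.get("metadata", {}), key)
        if value is None:
            value = _flag(project_meta, key)
        result[key] = bool(value)
    return result

def instances_without_oslogin(project_meta, instances):
    """Names of instances that still accept metadata-based SSH keys because OS Login is off."""
    return [i["name"] for i in instances
            if not effective_oslogin(project_meta, i)["enable-oslogin"]]
```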

Enumeration

gcloud compute os-config patch-deployments list
gcloud compute os-config patch-deployments describe <patch-deployment>

gcloud compute os-config patch-jobs list
gcloud compute os-config patch-jobs describe <patch-job>

์ด๋ฏธ์ง€

์‚ฌ์šฉ์ž ์ •์˜ ์ด๋ฏธ์ง€

์‚ฌ์šฉ์ž ์ •์˜ ์ปดํ“จํŠธ ์ด๋ฏธ์ง€๋Š” ๋ฏผ๊ฐํ•œ ์„ธ๋ถ€์ •๋ณด ๋˜๋Š” ๋‹น์‹ ์ด ์•…์šฉํ•  ์ˆ˜ ์žˆ๋Š” ๋‹ค๋ฅธ ์ทจ์•ฝํ•œ ๊ตฌ์„ฑ์„ ํฌํ•จํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

์ด๋ฏธ์ง€๊ฐ€ ์ƒ์„ฑ๋  ๋•Œ 3๊ฐ€์ง€ ์œ ํ˜•์˜ ์•”ํ˜ธํ™”๋ฅผ ์„ ํƒํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค: Google ๊ด€๋ฆฌ ํ‚ค(๊ธฐ๋ณธ๊ฐ’), KMS์˜ ํ‚ค, ๋˜๋Š” ํด๋ผ์ด์–ธํŠธ๊ฐ€ ์ œ๊ณตํ•œ ์›์‹œ ํ‚ค.

์—ด๊ฑฐ

๋‹ค์Œ ๋ช…๋ น์–ด๋กœ ํ”„๋กœ์ ํŠธ์˜ ๋น„ํ‘œ์ค€ ์ด๋ฏธ์ง€ ๋ชฉ๋ก์„ ์ฟผ๋ฆฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค:

gcloud compute machine-images list
gcloud compute machine-images describe <name>
gcloud compute machine-images get-iam-policy <name>

๊ทธ๋Ÿฐ ๋‹ค์Œ ๋‚ด๋ณด๋‚ผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค ๊ฐ€์ƒ ๋””์Šคํฌ๋ฅผ ์—ฌ๋Ÿฌ ํ˜•์‹์˜ ์ด๋ฏธ์ง€์—์„œ ๋‚ด๋ณด๋‚ผ ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋‹ค์Œ ๋ช…๋ น์€ ์ด๋ฏธ์ง€๋ฅผ qcow2 ํ˜•์‹์œผ๋กœ ๋‚ด๋ณด๋‚ด๋ฉฐ, ํŒŒ์ผ์„ ๋‹ค์šด๋กœ๋“œํ•˜๊ณ  ์ถ”๊ฐ€ ์กฐ์‚ฌ๋ฅผ ์œ„ํ•ด ๋กœ์ปฌ์—์„œ VM์„ ๊ตฌ์ถ•ํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค:

gcloud compute images export --image test-image \
--export-format qcow2 --destination-uri [BUCKET]

# Execute container inside a docker
docker run --rm -ti gcr.io/<project-name>/secret:v1 sh

๊ถŒํ•œ ์ƒ์Šน

Compute Instances ๊ถŒํ•œ ์ƒ์Šน ์„น์…˜์„ ํ™•์ธํ•˜์„ธ์š”.

์‚ฌ์šฉ์ž ์ •์˜ ์ธ์Šคํ„ด์Šค ํ…œํ”Œ๋ฆฟ

์ธ์Šคํ„ด์Šค ํ…œํ”Œ๋ฆฟ ์€ ์ธ์Šคํ„ด์Šค ์†์„ฑ์„ ์ •์˜ํ•˜์—ฌ ์ผ๊ด€๋œ ๊ตฌ์„ฑ์„ ๋ฐฐํฌํ•˜๋Š” ๋ฐ ๋„์›€์„ ์ค๋‹ˆ๋‹ค. ์ด๋Ÿฌํ•œ ํ…œํ”Œ๋ฆฟ์€ ์‹คํ–‰ ์ค‘์ธ ์ธ์Šคํ„ด์Šค์˜ ์‚ฌ์šฉ์ž ์ •์˜ ๋ฉ”ํƒ€๋ฐ์ดํ„ฐ์™€ ๋™์ผํ•œ ์œ ํ˜•์˜ ๋ฏผ๊ฐํ•œ ๋ฐ์ดํ„ฐ๋ฅผ ํฌํ•จํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค. ๋‹ค์Œ ๋ช…๋ น์–ด๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์กฐ์‚ฌํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค:

# List the available templates
gcloud compute instance-templates list

# Get the details of a specific template
gcloud compute instance-templates describe [TEMPLATE NAME]

์–ด๋–ค ๋””์Šคํฌ๊ฐ€ ์ƒˆ๋กœ์šด ์ด๋ฏธ์ง€๋ฅผ ์‚ฌ์šฉํ•˜๋Š”์ง€ ์•„๋Š” ๊ฒƒ์€ ํฅ๋ฏธ๋กœ์šธ ์ˆ˜ ์žˆ์ง€๋งŒ, ์ด๋Ÿฌํ•œ ํ…œํ”Œ๋ฆฟ์€ ์ผ๋ฐ˜์ ์œผ๋กœ ๋ฏผ๊ฐํ•œ ์ •๋ณด๋ฅผ ํฌํ•จํ•˜์ง€ ์•Š์Šต๋‹ˆ๋‹ค.

Snapshots

์Šค๋ƒ…์ƒท์€ ๋””์Šคํฌ์˜ ๋ฐฑ์—…์ž…๋‹ˆ๋‹ค. ์ด๋Š” ๋””์Šคํฌ๋ฅผ ๋ณต์ œํ•˜๋Š” ๊ฒƒ(๋˜ ๋‹ค๋ฅธ ์‚ฌ์šฉ ๊ฐ€๋Šฅํ•œ ๊ธฐ๋Šฅ)๊ณผ๋Š” ๋‹ค๋ฆ…๋‹ˆ๋‹ค. ์Šค๋ƒ…์ƒท์€ ์Šค๋ƒ…์ƒท์ด ์ƒ์„ฑ๋œ ๋””์Šคํฌ์™€ ๋™์ผํ•œ ์•”ํ˜ธํ™”๋ฅผ ์‚ฌ์šฉํ•ฉ๋‹ˆ๋‹ค.

Enumeration

gcloud compute snapshots list
gcloud compute snapshots describe <snapshot>
gcloud compute snapshots get-iam-policy <snapshot>

๊ถŒํ•œ ์ƒ์Šน

Compute Instances ๊ถŒํ•œ ์ƒ์Šน ์„น์…˜์„ ํ™•์ธํ•˜์„ธ์š”.

์ฐธ๊ณ ์ž๋ฃŒ

HackTricks ์ง€์›ํ•˜๊ธฐ

Last updated