GCP - Pub/Sub Post Exploitation
Pub/Sub
For more information about Pub/Sub check the following page:
GCP - Pub/Sub Enum
pubsub.topics.publish
Publish a message in a topic, useful to send unexpected data and trigger unexpected functionalities or exploit vulnerabilities:
pubsub.topics.detachSubscription
Useful to prevent a subscription from receiving messages, maybe to avoid detection.
pubsub.topics.delete
Useful to prevent a subscription from receiving messages, maybe to avoid detection. It's possible to delete a topic even with subscriptions attached to it.
pubsub.topics.update
Use this permission to update some settings of the topic to disrupt it, such as --clear-schema-settings, --message-retention-duration, --message-storage-policy-allowed-regions, --schema, --schema-project, --topic-encryption-key...
pubsub.topics.setIamPolicy
Give yourself permission to perform any of the previous attacks.
pubsub.subscriptions.create, pubsub.topics.attachSubscription, (pubsub.subscriptions.consume)
Get all the messages in a web server:
Create a subscription and use it to pull messages:
pubsub.subscriptions.delete
Deleting a subscription could be useful to disrupt a log processing system or something similar:
pubsub.subscriptions.update
Use this permission to update a setting so that messages are stored in a place you can access (URL, BigQuery table, bucket), or just to disrupt it.
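Detection-side view of the subscription changes described here and under pubsub.subscriptions.create (an added example, not part of the original page): a triage of Cloud Audit Log entries that flags subscriptions whose delivery target is not on an allow list, along with the delete, detach and setIamPolicy calls. It assumes logs exported as one JSON object per line with the request body present in protoPayload.request; ALLOWED_TARGETS, entry() and the sample entries are hypothetical.

```python
import json
from urllib.parse import urlparse

# Assumption: delivery targets this organisation expects (hypothetical names).
ALLOWED_TARGETS = {"ingest.example.internal", "proj.logs.pubsub_events"}
# methodName suffixes matching the delete/detach/setIamPolicy permissions.
DISRUPTIVE = ("Publisher.DeleteTopic", "Publisher.DetachSubscription",
              "Subscriber.DeleteSubscription", "SchemaService.DeleteSchema",
              ".SetIamPolicy")
REDIRECTING = ("Subscriber.CreateSubscription", "Subscriber.UpdateSubscription")

def destinations(request):
    """Return (kind, target) for each delivery target set in the request body."""
    sub = request.get("subscription", request)  # Update wraps it, Create does not
    push = sub.get("pushConfig", {}).get("pushEndpoint")
    targets = {"push": (urlparse(push).hostname or push) if push else None,
               "bigquery": sub.get("bigqueryConfig", {}).get("table"),
               "bucket": sub.get("cloudStorageConfig", {}).get("bucket")}
    return [(kind, t) for kind, t in targets.items() if t]

def triage(log_lines):
    """Return (principal, method, detail) for entries worth an analyst's look."""
    findings = []
    for line in log_lines:
        p = json.loads(line).get("protoPayload", {})
        if p.get("serviceName") != "pubsub.googleapis.com":
            continue
        method = p.get("methodName", "")
        who = p.get("authenticationInfo", {}).get("principalEmail", "unknown")
        if method.endswith(DISRUPTIVE):
            findings.append((who, method, p.get("resourceName")))
        elif method.endswith(REDIRECTING):
            findings += [(who, method, f"{kind}:{target}")
                         for kind, target in destinations(p.get("request") or {})
                         if target not in ALLOWED_TARGETS]
    return findings

def entry(method, request=None):  # builds one constructed (not real) log line
    return json.dumps({"protoPayload": {
        "serviceName": "pubsub.googleapis.com", "methodName": method,
        "resourceName": "projects/p/topics/t", "request": request or {},
        "authenticationInfo": {"principalEmail": "dev@example.com"}}})

SAMPLE = [  # constructed entries
    entry("google.pubsub.v1.Subscriber.CreateSubscription",
          {"pushConfig": {"pushEndpoint": "https://ingest.example.internal/hook"}}),
    entry("google.pubsub.v1.Subscriber.UpdateSubscription", {"subscription": {
        "pushConfig": {"pushEndpoint": "https://collector.example.net/in"}}}),
    entry("google.pubsub.v1.Publisher.DeleteTopic")]
```

Calling triage(SAMPLE) reports the redirected push endpoint and the topic deletion, and leaves the allow-listed push subscription alone.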
pubsub.subscriptions.setIamPolicy
Give yourself the permissions needed to perform any of the previously described attacks.
pubsub.schemas.delete
Delete a schema to be able to send messages that don't conform to the schema:
pubsub.schemas.attach, pubsub.topics.update, (pubsub.schemas.create)
Attach a schema to a topic so that the messages don't fulfil it and therefore the topic is disrupted. If there aren't any schemas you might need to create one.
pubsub.schemas.setIamPolicy
Give yourself the permissions needed to perform any of the previously described attacks.
pubsub.snapshots.create, pubsub.snapshots.seek
This will create a snapshot of all the unACKed messages and put them back into the subscription. Not very useful for an attacker, but here it is: