GCP - Storage Post Exploitation
Cloud Storage
For more information about CLoud Storage check this page:
pageGCP - Storage EnumGive Public Access
It's possible to give external users (logged in GCP or not) access to buckets content. However, by default bucket will have disabled the option to expose publicly a bucket:
If you try to give ACLs to a bucket with disabled ACLs you will find this error: ERROR: HTTPError 400: Cannot use ACL API to update bucket policy when uniform bucket-level access is enabled. Read more at https://cloud.google.com/storage/docs/uniform-bucket-level-access
To access open buckets via browser, access the URL https://<bucket_name>.storage.googleapis.com/
or https://<bucket_name>.storage.googleapis.com/<object_name>
Last updated