Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
The following permissions are useful to create and steal API keys, not this from the docs: An API key is a simple encrypted string that identifies an application without any principal. They are useful for accessing public data anonymously, and are used to associate API requests with your project for quota and billing.
Therefore, with an API key you can make that company pay for your use of the API, but you won't be able to escalate privileges.
For more information about API Keys check:
GCP - API Keys EnumFor other ways to create API keys check:
GCP - Serviceusage PrivescAs you might not know which APIs are enabled in the project or the restrictions applied to the API key you found, it would be interesting to run the tool https://github.com/ozguralp/gmapsapiscanner and check what you can access with the API key.
apikeys.keys.createThis permission allows to create an API key:
You can find a script to automate the creation, exploit and cleaning of a vuln environment here.
Note that by default users have permissions to create new projects adn they are granted Owner role over the new project. So a user could create a project and an API key inside this project.
apikeys.keys.getKeyString , apikeys.keys.listThese permissions allows list and get all the apiKeys and get the Key:
You can find a script to automate the creation, exploit and cleaning of a vuln environment here.
apikeys.keys.undelete , apikeys.keys.listThese permissions allow you to list and regenerate deleted api keys. The API key is given in the output after the undelete is done:
Check the following page to learn how to do this, although this action belongs to the service clientauthconfig according to the docs:
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
