Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
If you owns a user that has the setIamPolicy permission in a resource you can escalate privileges in that resource because you will be able to change the IAM policy of that resource and give you more privileges over it.
This permission can also allow to escalate to other principals if the resource allow to execute code and the iam.ServiceAccounts.actAs is not necessary.
cloudfunctions.functions.setIamPolicy
Modify the policy of a Cloud Function to allow yourself to invoke it.
There are tens of resources types with this kind of permission, you can find all of them in https://cloud.google.com/iam/docs/permissions-reference searching for setIamPolicy.
These permissions can be very useful to try to escalate privileges in resources by creating a new one or updating a new one. These can of permissions are specially useful if you also has the permission iam.serviceAccounts.actAs over a Service Account and the resource you have .create/.update over can attach a service account.
This permission will usually let you access or modify a Service Account in some resource (e.g.: compute.instances.setServiceAccount). This could lead to a privilege escalation vector, but it will depend on each case.
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
