GCP - Pubsub Privesc

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

PubSub

Get more information in:

pageGCP - Pub/Sub Enum

pubsub.snapshots.create

The snapshots of topics contain the current unACKed messages and every message after it. You could create a snapshot of a topic to access all the messages, avoiding access the topic directly.

pubsub.snapshots.setIamPolicy

Assign the pervious permissions to you.

pubsub.subscriptions.create

You can create a push subscription in a topic that will be sending all the received messages to the indicated URL

pubsub.subscriptions.update

Set your own URL as push endpoint to steal the messages.

pubsub.subscriptions.consume

Access messages using the subscription.

pubsub.subscriptions.setIamPolicy

Give yourself any of the preiovus permissions

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Last updated