GCP - Pubsub Privesc

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
Get the official PEASS & HackTricks swag
Discover The PEASS Family, our collection of exclusive NFTs
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PubSub

`pubsub.snapshots.create`

The snapshots of topics contain the current unACKed messages and every message after it. You could create a snapshot of a topic to access all the messages, avoiding access the topic directly.

`pubsub.snapshots.setIamPolicy`

Assign the pervious permissions to you.

`pubsub.subscriptions.create`

You can create a push subscription in a topic that will be sending all the received messages to the indicated URL

`pubsub.subscriptions.update`

Set your own URL as push endpoint to steal the messages.

`pubsub.subscriptions.consume`

Access messages using the subscription.

`pubsub.subscriptions.setIamPolicy`

Give yourself any of the preiovus permissions

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
Get the official PEASS & HackTricks swag
Discover The PEASS Family, our collection of exclusive NFTs
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousGCP - Orgpolicy Privesc NextGCP - Resourcemanager Privesc

Last updated 29 days ago