GCP - Source Repositories Enum

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Basic Information

Google Cloud Source Repositories is a fully-featured, scalable, private Git repository service. It's designed to host your source code in a fully managed environment, integrating seamlessly with other GCP tools and services. It offers a collaborative and secure place for teams to store, manage, and track their code.

Key features of Cloud Source Repositories include:

  1. Fully Managed Git Hosting: Offers the familiar functionality of Git, meaning you can use regular Git commands and workflows.

  2. Integration with GCP Services: Integrates with other GCP services like Cloud Build, Pub/Sub, and App Engine for end-to-end traceability from code to deployment.

  3. Private Repositories: Ensures your code is stored securely and privately. You can control access using Cloud Identity and Access Management (IAM) roles.

  4. Source Code Analysis: Works with other GCP tools to provide automated analysis of your source code, identifying potential issues like bugs, vulnerabilities, or bad coding practices.

  5. Collaboration Tools: Supports collaborative coding with tools like merge requests, comments, and reviews.

  6. Mirror Support: Allows you to connect Cloud Source Repositories with repositories hosted on GitHub or Bitbucket, enabling automatic synchronization and providing a unified view of all your repositories.

OffSec information

  • The source repositories configuration inside a project will have a Service Account used to publishing Cloud Pub/Sub messages. The default one used is the Compute SA. However, I don't think it's possible steal its token from Source Repositories as it's being executed in the background.

  • To see the code inside the GCP Cloud Source Repositories web console (https://source.cloud.google.com/), you need the code to be inside master branch by default.

  • You can also create a mirror Cloud Repository pointing to a repo from Github or Bitbucket (giving access to those platforms).

  • It's possible to code & debug from inside GCP.

  • By default, Source Repositories prevents private keys to be pushed in commits, but this can be disabled.

Open In Cloud Shell

It's possible to open the repository in Cloud Shell, a prompt like this one will appear:

This will allow you to code and debug in Cloud Shell (which could get cloudshell compromised).


# Repos enumeration
gcloud source repos list #Get names and URLs
gcloud source repos describe <repo_name>
gcloud source repos get-iam-policy <repo_name>

# gcloud repo clone
gcloud source repos clone <REPO NAME>
gcloud source repos get-iam-policy <REPO NAME>
... git add & git commit -m ...
git push --set-upstream origin master
git push -u origin master

# Access via git
## To add a SSH key go to https://source.cloud.google.com/user/ssh_keys (no gcloud command)
git clone ssh://username@domain.com@source.developers.google.com:2022/p/<proj-name>/r/<repo-name>
git add, commit, push...

Privilege Escalation & Post Exploitation

pageGCP - Sourcerepos Privesc

Unauthenticated Enum

pageGCP - Source Repositories Unauthenticated Enum
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Last updated