Links

GCP - Source Repositories Enum

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:

Basic Information

Google Cloud Source Repositories is a fully-featured, scalable, private Git repository service. It's designed to host your source code in a fully managed environment, integrating seamlessly with other GCP tools and services. It offers a collaborative and secure place for teams to store, manage, and track their code.
Key features of Cloud Source Repositories include:
  1. 1.
    Fully Managed Git Hosting: Offers the familiar functionality of Git, meaning you can use regular Git commands and workflows.
  2. 2.
    Integration with GCP Services: Integrates with other GCP services like Cloud Build, Pub/Sub, and App Engine for end-to-end traceability from code to deployment.
  3. 3.
    Private Repositories: Ensures your code is stored securely and privately. You can control access using Cloud Identity and Access Management (IAM) roles.
  4. 4.
    Source Code Analysis: Works with other GCP tools to provide automated analysis of your source code, identifying potential issues like bugs, vulnerabilities, or bad coding practices.
  5. 5.
    Collaboration Tools: Supports collaborative coding with tools like merge requests, comments, and reviews.
  6. 6.
    Mirror Support: Allows you to connect Cloud Source Repositories with repositories hosted on GitHub or Bitbucket, enabling automatic synchronization and providing a unified view of all your repositories.

OffSec information

  • The source repositories configuration inside a project will have a Service Account used to publishing Cloud Pub/Sub messages. The default one used is the Compute SA. However, I don't think it's possible steal its token from Source Repositories as it's being executed in the background.
  • To see the code inside the GCP Cloud Source Repositories web console (https://source.cloud.google.com/), you need the code to be inside master branch by default.
  • You can also create a mirror Cloud Repository pointing to a repo from Github or Bitbucket (giving access to those platforms).
  • It's possible to code & debug from inside GCP.
  • By default, Source Repositories prevents private keys to be pushed in commits, but this can be disabled.

Open In Cloud Shell

It's possible to open the repository in Cloud Shell, a prompt like this one will appear:
This will allow you to code and debug in Cloud Shell (which could get cloudshell compromised).

Enumeration

# Repos enumeration
gcloud source repos list #Get names and URLs
gcloud source repos describe <repo_name>
gcloud source repos get-iam-policy <repo_name>
# gcloud repo clone
gcloud source repos clone <REPO NAME>
gcloud source repos get-iam-policy <REPO NAME>
... git add & git commit -m ...
git push --set-upstream origin master
git push -u origin master
# Access via git
## To add a SSH key go to https://source.cloud.google.com/user/ssh_keys (no gcloud command)
git clone ssh://[email protected]@source.developers.google.com:2022/p/<proj-name>/r/<repo-name>
git add, commit, push...

Privilege Escalation & Post Exploitation

Unauthenticated Enum

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks: