GCP - Deploymentmaneger Privesc

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

deploymentmanager

`deploymentmanager.deployments.create`

Hii ruhusa moja inakuwezesha kuanzisha matumizi mapya ya rasilimali ndani ya GCP kwa kutumia akaunti za huduma zisizo na mipaka. Unaweza kwa mfano kuanzisha mfano wa kompyuta na SA ili kupandisha hadhi.

Kwa kweli unaweza kuanzisha rasilimali yoyote iliyoorodheshwa katika gcloud deployment-manager types list

Katika utafiti wa asili ifuatayo script inatumika kuanzisha mfano wa kompyuta, hata hivyo script hiyo haitafanya kazi. Angalia script ya kuendesha kuunda, kutumia na kusafisha mazingira yenye udhaifu hapa.

`deploymentmanager.deployments.update`

Hii ni kama matumizi ya awali lakini badala ya kuunda matumizi mapya, unabadilisha moja iliyopo tayari (hivyo kuwa makini)

Angalia script ya kuendesha kuunda, kutumia na kusafisha mazingira yenye udhaifu hapa.

`deploymentmanager.deployments.setIamPolicy`

Hii ni kama matumizi ya awali lakini badala ya kuunda matumizi mapya moja kwa moja, kwanza unakupa ufikiaji huo na kisha unatumia ruhusa kama ilivyoelezwa katika sehemu ya awali deploymentmanager.deployments.create.

References

https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1/

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousGCP - Container Privesc NextGCP - IAM Privesc

Last updated 3 days ago