GCP - Orgpolicy Privesc

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

orgpolicy

`orgpolicy.policy.set`

Mshambuliaji anayenufaika na orgpolicy.policy.set anaweza kubadilisha sera za shirika, ambazo zitamruhusu kuondoa vizuizi fulani vinavyokwamisha operesheni maalum. Kwa mfano, kizuizi appengine.disableCodeDownload kawaida huzuia upakuaji wa msimbo wa chanzo wa App Engine. Hata hivyo, kwa kutumia orgpolicy.policy.set, mshambuliaji anaweza kuzima kizuizi hiki, hivyo kupata ufikiaji wa kupakua msimbo wa chanzo, licha ya kuwa awali ulikuwa umelindwa.

# Get info
gcloud resource-manager org-policies describe <org-policy> [--folder <id> | --organization <id> | --project <id>]

# Disable
gcloud resource-manager org-policies disable-enforce <org-policy> [--folder <id> | --organization <id> | --project <id>]

Script ya python kwa njia hii inaweza kupatikana hapa.

Marejeleo

https://rhinosecuritylabs.com/cloud-security/privilege-escalation-google-cloud-platform-part-2/

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

PreviousGCP - KMS Privesc NextGCP - Pubsub Privesc

Last updated 8 days ago