GCP - Serviceusage Privesc


serviceusage

The following permissions are useful for creating and stealing API keys. Note this from the docs: An API key is a simple encrypted string that identifies an application without any principal. They are useful for accessing public data anonymously, and are used to associate API requests with your project for quota and billing.

Therefore, with an API key you can make that company pay for your use of the API, but you will not be able to escalate privileges.

To learn about other permissions and ways to create API keys, check:

serviceusage.apiKeys.create

An undocumented API was found that can be used to create API keys:

curl -XPOST "https://apikeys.clients6.google.com/v1/projects/<project-uniq-name>/apiKeys?access_token=$(gcloud auth print-access-token)"

serviceusage.apiKeys.list

Another undocumented API was found for listing API keys that have already been created (the API keys appear in the response):

curl "https://apikeys.clients6.google.com/v1/projects/<project-uniq-name>/apiKeys?access_token=$(gcloud auth print-access-token)"

serviceusage.services.enable, serviceusage.services.use

With these permissions, an attacker can enable and use new services in the project. This could allow an attacker to enable services like admin or cloudidentity to try to access Workspace information, or other services to access interesting data.
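A defender-side audit for the permissions covered on this page, as an added example that is not part of the original page: it joins exported role definitions with a project IAM policy and reports which members hold the API key permissions, or hold both `serviceusage.services.enable` and `serviceusage.services.use` even when the two arrive through different roles. The project, role names and members are constructed; group membership is not expanded, and roles absent from the export (for example predefined roles) are assumed to be exported separately.

```python
import json
from collections import defaultdict

# Permissions named on this page.
KEY_PERMS = {"serviceusage.apiKeys.create", "serviceusage.apiKeys.list"}
SERVICE_PAIR = {"serviceusage.services.enable", "serviceusage.services.use"}
WATCHED = KEY_PERMS | SERVICE_PAIR

# Constructed sample data (hypothetical project, roles and members).
# Role definitions in the shape of `gcloud iam roles describe --format=json`.
ROLES_JSON = """[
 {"name": "projects/example-proj/roles/keyMinter", "includedPermissions": ["serviceusage.apiKeys.create", "serviceusage.apiKeys.list"]},
 {"name": "projects/example-proj/roles/svcEnabler", "includedPermissions": ["serviceusage.services.enable", "resourcemanager.projects.get"]},
 {"name": "projects/example-proj/roles/svcUser", "includedPermissions": ["serviceusage.services.use"]},
 {"name": "projects/example-proj/roles/viewerLite", "includedPermissions": ["resourcemanager.projects.get"]}
]"""
# Policy in the shape of `gcloud projects get-iam-policy --format=json`.
POLICY_JSON = """{"bindings": [
 {"role": "projects/example-proj/roles/keyMinter", "members": ["user:alice@example.com"]},
 {"role": "projects/example-proj/roles/svcEnabler", "members": ["serviceAccount:ci@example-proj.iam.gserviceaccount.com"]},
 {"role": "projects/example-proj/roles/svcUser", "members": ["serviceAccount:ci@example-proj.iam.gserviceaccount.com", "user:bob@example.com"]},
 {"role": "projects/example-proj/roles/viewerLite", "members": ["user:bob@example.com"]}
]}"""

def audit(roles, policy):
    """Map each member to the watched permissions it holds across all its roles."""
    role_perms = {r["name"]: set(r.get("includedPermissions", [])) & WATCHED for r in roles}
    held = defaultdict(set)
    for binding in policy.get("bindings", []):
        # Roles missing from the export contribute nothing here.
        perms = role_perms.get(binding["role"], set())
        for member in binding.get("members", []):
            held[member] |= perms
    findings = {}
    for member, perms in held.items():
        if not perms:
            continue
        findings[member] = {
            "permissions": sorted(perms),
            "api_keys": bool(perms & KEY_PERMS),
            # enable and use may be granted through two different roles
            "enable_and_use": SERVICE_PAIR <= perms,
        }
    return findings

if __name__ == "__main__":
    for member, finding in audit(json.loads(ROLES_JSON), json.loads(POLICY_JSON)).items():
        print(member, finding)
```

Members flagged with `enable_and_use` are the ones to review first, since neither role looks sufficient on its own.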
