GCP - Stackdriver Enum

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Stackdriver logging

Stackdriver inatambuliwa kama seti kamili ya logging suite inayotolewa na Google. Ina uwezo wa kukamata data nyeti kupitia vipengele kama syslog, ambacho kinatoa ripoti za amri binafsi zinazotekelezwa ndani ya Compute Instances. Zaidi ya hayo, inafuatilia maombi ya HTTP yanayotumwa kwa load balancers au programu za App Engine, metadata ya pakiti za mtandao ndani ya mawasiliano ya VPC, na zaidi.

Kwa ajili ya Compute Instance, akaunti husika ya huduma inahitaji tu ruhusa za WRITE ili kuwezesha logging ya shughuli za instance. Hata hivyo, inawezekana kwamba msimamizi anaweza kasi kutoa akaunti ya huduma ruhusa za READ na WRITE. Katika hali kama hizo, kumbukumbu zinaweza kuchunguzwa kwa taarifa nyeti.

Ili kufanikisha hili, zana ya gcloud logging inatoa seti ya zana. Kwanza, inashauriwa kubaini aina za kumbukumbu zilizopo katika mradi wako wa sasa.

# List logs
gcloud logging logs list

# Read logs
gcloud logging read [FOLDER]

# Write logs
# An attacker writing logs may confuse the Blue Team
gcloud logging write [FOLDER] [MESSAGE]

# List Buckets
gcloud logging buckets list

References

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud github repos.

PreviousGCP - Spanner Enum NextGCP - Storage Enum

Last updated 8 days ago