GCP - Pub/Sub Post Exploitation
Pub/Sub
For more information about Pub/Sub, see the following page:
GCP - Pub/Sub Enum
pubsub.topics.publish
Publish a message to a topic. This can be used to send unexpected data and trigger unexpected functionality or exploit vulnerabilities.
pubsub.topics.detachSubscription
Used to prevent a subscription from receiving messages, possibly to avoid detection.
pubsub.topics.delete
Used to prevent a subscription from receiving messages, possibly to avoid detection. A topic can be deleted even when subscriptions are attached to it.
pubsub.topics.update
Use this permission to update some settings of the topic in order to disrupt it, such as --clear-schema-settings, --message-retention-duration, --message-storage-policy-allowed-regions, --schema, --schema-project, --topic-encryption-key...
pubsub.topics.setIamPolicy
Grant yourself the permissions needed to perform any of the previous attacks.
pubsub.subscriptions.create, pubsub.topics.attachSubscription, (pubsub.subscriptions.consume)
Receive all the messages on a web server.
Create a subscription and use it to pull messages.
pubsub.subscriptions.delete
Deleting a subscription can be useful to disrupt a log processing system or something similar.
pubsub.subscriptions.update
Use this permission to update some settings so that messages are delivered to a place you can access (URL, Big Query table, Bucket), or just to disrupt it.
pubsub.subscriptions.setIamPolicy
Grant yourself the permissions needed to perform any of the previously mentioned attacks.
pubsub.schemas.delete
Delete a schema so that you can send messages that do not conform to the schema.
pubsub.schemas.attach, pubsub.topics.update, (pubsub.schemas.create)
Attach a schema to a topic so that messages do not conform to it and the topic therefore stops working. If there are no schemas, you can create one.
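```bash
# Attach new schema
# <PROJECT_ID>, <TOPIC_ID> and <SCHEMA_ID> are placeholders
gcloud pubsub topics update projects/<PROJECT_ID>/topics/<TOPIC_ID> \
    --schema=projects/<PROJECT_ID>/schemas/<SCHEMA_ID> \
    --message-encoding=json
```

### `pubsub.schemas.setIamPolicy`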
Grant yourself the permissions needed to perform any of the previously mentioned attacks.
pubsub.snapshots.create
, pubsub.snapshots.seek
pubsub.snapshots.create
, pubsub.snapshots.seek
Hii itaunda picha ya ujumbe wote usiothibitishwa na kuwarudisha kwenye usajili. Sio ya maana sana kwa mshambuliaji lakini hapa ipo:
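On the detection side, most of the permissions above correspond to Pub/Sub API calls recorded in Cloud Audit Logs. The triage sketch below is an added example, not part of the original page: it maps audit-log method names to the permission headings used here and flags push endpoints outside an allowlist. The sample entries, the `_e` helper, the allowlisted host and the assumption that `protoPayload.request` mirrors the API request message are all constructed for illustration.

```python
from urllib.parse import urlparse

# Audit-log methodName -> permission heading on this page (Pub/Sub v1 RPC names).
WATCHED = {
    "google.pubsub.v1.Publisher.DetachSubscription": "pubsub.topics.detachSubscription",
    "google.pubsub.v1.Publisher.DeleteTopic": "pubsub.topics.delete",
    "google.pubsub.v1.Publisher.UpdateTopic": "pubsub.topics.update",
    "google.pubsub.v1.Subscriber.CreateSubscription": "pubsub.subscriptions.create",
    "google.pubsub.v1.Subscriber.DeleteSubscription": "pubsub.subscriptions.delete",
    "google.pubsub.v1.Subscriber.UpdateSubscription": "pubsub.subscriptions.update",
    "google.pubsub.v1.SchemaService.DeleteSchema": "pubsub.schemas.delete",
    "google.iam.v1.IAMPolicy.SetIamPolicy": "pubsub.*.setIamPolicy",
}

def push_host(request):
    """Push endpoint host of a Create/UpdateSubscription request, else None."""
    sub = request.get("subscription", request)  # UpdateSubscription nests the Subscription
    if not isinstance(sub, dict):  # Delete/Detach requests carry only a resource name
        return None
    endpoint = sub.get("pushConfig", {}).get("pushEndpoint")
    return urlparse(endpoint).hostname if endpoint else None

def triage(entries, trusted_push_hosts):
    """Return (permission, principal, resource, reason) for each watched call."""
    findings = []
    for entry in entries:
        p = entry.get("protoPayload", {})
        perm = WATCHED.get(p.get("methodName"))
        if perm is None or p.get("serviceName") != "pubsub.googleapis.com":
            continue
        who = p.get("authenticationInfo", {}).get("principalEmail", "unknown")
        host = push_host(p.get("request", {}))
        reason = "review"
        if host and host not in trusted_push_hosts:
            reason = f"push endpoint outside allowlist: {host}"
        elif perm.endswith((".delete", ".detachSubscription")):
            reason = "message flow interrupted"
        findings.append((perm, who, p.get("resourceName"), reason))
    return findings

def _e(method, who, res, req=None, svc="pubsub.googleapis.com"):
    return {"protoPayload": {"serviceName": svc, "methodName": method, "resourceName": res,
            "authenticationInfo": {"principalEmail": who}, "request": req or {}}}
# Constructed sample entries (not real logs).
SAMPLE = [
    _e("google.pubsub.v1.Publisher.DeleteTopic", "dev@example.com", "projects/demo/topics/audit-export"),
    _e("google.pubsub.v1.Subscriber.UpdateSubscription", "svc@example.com", "projects/demo/subscriptions/orders",
       {"subscription": {"pushConfig": {"pushEndpoint": "https://collector.example.net/hook"}}}),
    _e("google.pubsub.v1.Subscriber.CreateSubscription", "ci@example.com", "projects/demo/subscriptions/ingest",
       {"pushConfig": {"pushEndpoint": "https://ingest.example.com/push"}}),
]
```

Calling `triage(SAMPLE, {"ingest.example.com"})` returns three findings; in practice the entries would come from an audit-log export filtered on `protoPayload.serviceName`.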