GCP - AppEngine Privesc
App Engine
Kwa habari zaidi kuhusu App Engine angalia:
pageGCP - App Engine Enumappengine.applications.get, appengine.instances.get, appengine.instances.list, appengine.operations.get, appengine.operations.list, appengine.services.get, appengine.services.list, appengine.versions.create, appengine.versions.get, appengine.versions.list, cloudbuild.builds.get,iam.serviceAccounts.actAs, resourcemanager.projects.get, storage.objects.create, storage.objects.list
appengine.applications.get, appengine.instances.get, appengine.instances.list, appengine.operations.get, appengine.operations.list, appengine.services.get, appengine.services.list, appengine.versions.create, appengine.versions.get, appengine.versions.list, cloudbuild.builds.get,iam.serviceAccounts.actAs, resourcemanager.projects.get, storage.objects.create, storage.objects.listHizo ni idhini zinazohitajika kwa kuweka App kutumia gcloud cli. Labda zile za get na list zinaweza kuepukwa.
Unaweza kupata mifano ya nambari ya Python katika https://github.com/GoogleCloudPlatform/python-docs-samples/tree/main/appengine
Kwa chaguo-msingi, jina la huduma ya App litakuwa default, na inaweza kuwepo tu 1 kifaa na jina sawa.
Ili kubadilisha hilo na kuunda App ya pili, katika app.yaml, badilisha thamani ya funguo la msingi kuwa kitu kama service: my-second-app
Toa angalau dakika 10-15, ikiwa haitafanya kazi piga simu weka mara nyingine na subiri dakika chache.
Ni inawezekana kuashiria Akaunti ya Huduma ya kutumia lakini kwa chaguo-msingi, SA ya msingi ya App Engine hutumika.
URL ya programu ni kama https://<proj-jina>.oa.r.appspot.com/ au https://<jina-la-huduma>-dot-<proj-jina>.oa.r.appspot.com
appengine.instances.enableDebug, appengine.instances.get, appengine.instances.list, appengine.operations.get, appengine.services.get, appengine.services.list, appengine.versions.get, appengine.versions.list, compute.projects.get
appengine.instances.enableDebug, appengine.instances.get, appengine.instances.list, appengine.operations.get, appengine.services.get, appengine.services.list, appengine.versions.get, appengine.versions.list, compute.projects.getKwa ruhusa hizi, ni inawezekana kuingia kupitia ssh kwenye mifano ya App Engine aina ya flexible (sio standard). Baadhi ya ruhusa za list na get zinaweza kutokuwa muhimu sana.
appengine.applications.update, appengine.operations.get
appengine.applications.update, appengine.operations.getNadhani hii inabadilisha SA ya nyuma ambayo Google itatumia kuanzisha maombi, kwa hivyo sidhani unaweza kutumia hii kudhuru kwa kuiba akaunti ya huduma.
appengine.versions.getFileContents, appengine.versions.update
appengine.versions.getFileContents, appengine.versions.updateSiwezi kujua jinsi ya kutumia ruhusa hizi au kama zinafaa (kumbuka kwamba unapobadilisha nambari, toleo jipya hujengwa kwa hivyo siwezi kujua ikiwa unaweza tu kusasisha nambari au jukumu la IAM la moja kwa moja, lakini nadhani unapaswa kuweza, labda kwa kubadilisha nambari ndani ya ndoo??).
Upatikanaji wa Kuandika juu ya ndoo
Hata ukiwa na upatikanaji wa kuandika kwenye ndoo ambapo nambari ya chanzo inapatikana HAIKUWEZEKANA kutekeleza nambari ya kupindukia kwa kubadilisha nambari ya chanzo na manifest.json.
Labda ikiwa unafuatilia ndoo na kugundua wakati ambapo toleo jipya linajengwa na nambari ya chanzo na maelezo yanapakiwa, inaweza kuwa inawezekana kuzibadilisha ili toleo jipya litumie zile zilizo na mlango wa nyuma??
Inaonekana pia tabaka za kontena zimehifadhiwa kwenye ndoo, labda kuzibadilisha hizo?
Last updated