GCP - Vertex AI Enum

Tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Vertex AI

Vertex AI is Google Cloud's unified machine learning platform for building, deploying, and managing AI models at scale. It combines several AI and ML services into one integrated platform, enabling data scientists and ML engineers to:

  • Train custom models with AutoML or custom training
  • Deploy models to scalable endpoints for predictions
  • Manage the ML lifecycle from experimentation to production
  • Access pre-trained models from Model Garden
  • Monitor and optimize model performance

Agent Engine / Reasoning Engine

For Agent Engine / Reasoning Engine-specific enumeration and post-exploitation paths involving metadata credential theft, P4SA abuse, and producer/tenant project pivoting, see:

GCP - Vertex AI Post Exploitation

Key Components

Models

Vertex AI models represent trained machine learning models that can be deployed to endpoints to serve predictions. Models can be:

  • Uploaded from custom containers or model artifacts
  • Created through AutoML training
  • Imported from Model Garden (pre-trained models)
  • Versioned, with multiple versions per model

Each model has metadata including its framework, container image URI, artifact location, and serving configuration.

Endpoints

Endpoints are resources that host deployed models and serve online predictions. Key features:

  • Can host multiple deployed models (with traffic splitting)
  • Provide HTTPS endpoints for real-time predictions
  • Support autoscaling based on traffic
  • Can use private or public access
  • Support A/B testing through traffic splitting

Custom Jobs

Custom jobs let you run custom training code using your own containers or Python packages. Features include:

  • Support for distributed training with multiple worker pools
  • Configurable machine types and accelerators (GPUs/TPUs)
  • Service account attachment for access to other GCP resources
  • Integration with Vertex AI Tensorboard for visualization
  • VPC connectivity options

Hyperparameter Tuning Jobs

These jobs automatically search for optimal hyperparameters by running multiple training trials with different parameter combinations.

Model Garden

Model Garden provides access to:

  • Pre-trained Google models
  • Open-source models (including Hugging Face)
  • Third-party models
  • One-click deployment capabilities

Tensorboards

Tensorboards provide visualization and monitoring for ML experiments, tracking metrics, model graphs, and training progress.

Service Accounts & Permissions

By default, Vertex AI services use the Compute Engine default service account (PROJECT_NUMBER-compute@developer.gserviceaccount.com), which has Editor permissions on the project. However, you can specify custom service accounts when:

  • Creating custom jobs
  • Uploading models
  • Deploying models to endpoints

This service account is used to:

  • Access training data in Cloud Storage
  • Write logs to Cloud Logging
  • Access secrets from Secret Manager
  • Interact with other GCP services

Data Storage

  • Model artifacts are stored in Cloud Storage buckets
  • Training data typically resides in Cloud Storage or BigQuery
  • Container images are stored in Artifact Registry or Container Registry
  • Logs are sent to Cloud Logging
  • Metrics are sent to Cloud Monitoring

Encryption

By default, Vertex AI uses Google-managed encryption keys. You can also configure:

  • Customer-managed encryption keys (CMEK) from Cloud KMS
  • Encryption applies to model artifacts, training data, and endpoints

Networking

Vertex AI resources can be configured for:

  • Public internet access (default)
  • VPC peering for private access
  • Private Service Connect for secure connectivity
  • Shared VPC support

Enumeration

# List models
gcloud ai models list --region=<region>
gcloud ai models describe <model-id> --region=<region>
gcloud ai models list-version <model-id> --region=<region>

# List endpoints
gcloud ai endpoints list --region=<region>
gcloud ai endpoints describe <endpoint-id> --region=<region>
gcloud ai endpoints list --list-model-garden-endpoints-only --region=<region>

# List custom jobs
gcloud ai custom-jobs list --region=<region>
gcloud ai custom-jobs describe <job-id> --region=<region>

# Stream logs from a running job
gcloud ai custom-jobs stream-logs <job-id> --region=<region>

# List hyperparameter tuning jobs
gcloud ai hp-tuning-jobs list --region=<region>
gcloud ai hp-tuning-jobs describe <job-id> --region=<region>

# List model monitoring jobs
gcloud ai model-monitoring-jobs list --region=<region>
gcloud ai model-monitoring-jobs describe <job-id> --region=<region>

# List Tensorboards
gcloud ai tensorboards list --region=<region>
gcloud ai tensorboards describe <tensorboard-id> --region=<region>

# List indexes (for vector search)
gcloud ai indexes list --region=<region>
gcloud ai indexes describe <index-id> --region=<region>

# List index endpoints
gcloud ai index-endpoints list --region=<region>
gcloud ai index-endpoints describe <index-endpoint-id> --region=<region>

# Get operations (long-running operations status)
gcloud ai operations describe <operation-id> --region=<region>

# Test endpoint predictions (if you have access)
gcloud ai endpoints predict <endpoint-id> \
--region=<region> \
--json-request=request.json

# Make direct predictions (newer API)
gcloud ai endpoints direct-predict <endpoint-id> \
--region=<region> \
--json-request=request.json

Model Information Gathering

# Get detailed model information including versions
gcloud ai models describe <model-id> --region=<region>

# Check specific model version
gcloud ai models describe <model-id>@<version> --region=<region>

# List all versions of a model
gcloud ai models list-version <model-id> --region=<region>

# Get model artifact location (usually a GCS bucket)
gcloud ai models describe <model-id> --region=<region> --format="value(artifactUri)"

# Get container image URI
gcloud ai models describe <model-id> --region=<region> --format="value(containerSpec.imageUri)"

Endpoint Details

# Get endpoint details including deployed models
gcloud ai endpoints describe <endpoint-id> --region=<region>

# Get display name of the first deployed model
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(deployedModels[0].displayName)"

# Get service account used by endpoint
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(deployedModels[0].serviceAccount)"

# Check traffic split between models
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(trafficSplit)"

Custom Job Information

# Get job details including command, args, and service account
gcloud ai custom-jobs describe <job-id> --region=<region>

# Get service account used by job (set on the job spec, not per worker pool)
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.serviceAccount)"

# Get container image used
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.workerPoolSpecs[0].containerSpec.imageUri)"

# Check environment variables (may contain secrets)
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.workerPoolSpecs[0].containerSpec.env)"

# Get network configuration
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.network)"
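
The same fields can be reviewed for every job at once from the JSON form of the listing (`gcloud ai custom-jobs list --region=<region> --format=json`). The script below is an added example, not part of the original page or of HackTricks tooling: it flags jobs that run as the Compute Engine default service account, set no VPC network, or carry secret-looking environment variable names, and it checks every worker pool rather than only index 0. The sample input is constructed, and the finding labels and the name regex are assumptions made for illustration.

```python
import json
import re

# Constructed sample shaped like `gcloud ai custom-jobs list --format=json` output.
SAMPLE_JOBS = json.loads("""
[
  {"name": "projects/123456789012/locations/us-central1/customJobs/111",
   "jobSpec": {"serviceAccount": "123456789012-compute@developer.gserviceaccount.com",
     "workerPoolSpecs": [{"containerSpec": {"imageUri": "example/train:1", "env": [
       {"name": "DB_PASSWORD", "value": "x"}, {"name": "EPOCHS", "value": "10"}]}}]}},
  {"name": "projects/123456789012/locations/us-central1/customJobs/222",
   "jobSpec": {"serviceAccount": "trainer@example-project.iam.gserviceaccount.com",
     "network": "projects/123456789012/global/networks/ml-vpc",
     "workerPoolSpecs": [{"pythonPackageSpec": {"env": []}}]}},
  {"name": "projects/123456789012/locations/us-central1/customJobs/333",
   "jobSpec": {"workerPoolSpecs": [{"containerSpec": {"imageUri": "example/train:1"}},
     {"containerSpec": {"imageUri": "example/train:1", "env": [
       {"name": "HF_TOKEN", "value": "y"}]}}]}}
]
""")

DEFAULT_COMPUTE_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|CREDENTIAL)", re.I)

def audit_job(job):
    """Return a list of finding labels (illustrative names) for one custom job."""
    spec = job.get("jobSpec", {})
    findings = []
    sa = spec.get("serviceAccount")
    if sa is None:
        findings.append("no-explicit-service-account")
    elif DEFAULT_COMPUTE_SA.match(sa):
        findings.append("default-compute-service-account")
    if not spec.get("network"):
        findings.append("no-vpc-network")
    # Each worker pool carries its own env list, so inspect all pools.
    for i, pool in enumerate(spec.get("workerPoolSpecs", [])):
        cs = pool.get("containerSpec") or pool.get("pythonPackageSpec") or {}
        for var in cs.get("env", []):
            if SECRET_NAME.search(var.get("name", "")):
                findings.append(f"secret-like-env:pool{i}:{var['name']}")
    return findings

def audit(jobs):
    return {j["name"].rsplit("/", 1)[-1]: audit_job(j) for j in jobs}

if __name__ == "__main__":
    for job_id, findings in audit(SAMPLE_JOBS).items():
        print(job_id, findings or "ok")
```

Only variable names are reported, never values, so the output can be shared in a review without leaking what the job definition holds.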

Access Control

# Note: IAM policies for individual Vertex AI resources are managed at the project level
# Check project-level permissions
gcloud projects get-iam-policy <project-id>

# Check service account permissions
gcloud iam service-accounts get-iam-policy <service-account-email>

# Check if endpoints allow unauthenticated access
# This is controlled by IAM bindings on the endpoint
gcloud projects get-iam-policy <project-id> \
--flatten="bindings[].members" \
--filter="bindings.role:aiplatform.user"

Storage and Artifacts

# Models and training jobs often store artifacts in GCS
# List buckets that might contain model artifacts
gsutil ls

# Common artifact locations:
# gs://<project>-aiplatform-<region>/
# gs://<project>-vertex-ai/
# gs://<custom-bucket>/vertex-ai/

# Download model artifacts if accessible
gsutil -m cp -r gs://<bucket>/path/to/artifacts ./artifacts/

# Check for notebooks in AI Platform Notebooks
gcloud notebooks instances list --location=<location>
gcloud notebooks instances describe <instance-name> --location=<location>

Model Garden

# List Model Garden endpoints
gcloud ai endpoints list --list-model-garden-endpoints-only --region=<region>

# Model Garden models are often deployed with default configurations
# Check for publicly accessible endpoints

Privilege Escalation

On the following page, you can check how to abuse Vertex AI permissions to escalate privileges:

GCP - Vertex AI Privesc

Post Exploitation

GCP - Vertex AI Post Exploitation
