GCP - Source Repositories Enum
tip
Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Basic Information
Google Cloud Source Repositories is a fully-featured, scalable, private Git repository service. It's designed to host your source code in a fully managed environment, integrating seamlessly with other GCP tools and services. It offers a collaborative and secure place for teams to store, manage, and track their code.
Key features of Cloud Source Repositories include:
- Fully Managed Git Hosting: Offers the familiar functionality of Git, meaning you can use regular Git commands and workflows.
- Integration with GCP Services: Integrates with other GCP services like Cloud Build, Pub/Sub, and App Engine for end-to-end traceability from code to deployment.
- Private Repositories: Ensures your code is stored securely and privately. You can control access using Cloud Identity and Access Management (IAM) roles.
- Source Code Analysis: Works with other GCP tools to provide automated analysis of your source code, identifying potential issues like bugs, vulnerabilities, or bad coding practices.
- Collaboration Tools: Supports collaborative coding with tools like merge requests, comments, and reviews.
- Mirror Support: Allows you to connect Cloud Source Repositories with repositories hosted on GitHub or Bitbucket, enabling automatic synchronization and providing a unified view of all your repositories.
OffSec information
- The source repositories configuration inside a project will have a Service Account used to publish Cloud Pub/Sub messages. The default one used is the Compute SA. However, I don't think it's possible to steal its token from Source Repositories as it's being executed in the background.
- To see the code inside the GCP Cloud Source Repositories web console (https://source.cloud.google.com/), the code needs to be in the master branch (the default).
- You can also create a mirror Cloud Repository pointing to a repo from Github or Bitbucket (giving access to those platforms).
- It's possible to code & debug from inside GCP.
- By default, Source Repositories prevents private keys from being pushed in commits, but this can be disabled.
Open In Cloud Shell
It's possible to open the repository in Cloud Shell, a prompt like this one will appear:
This will allow you to code and debug in Cloud Shell (which could lead to Cloud Shell itself being compromised).
Enumeration

```bash
# Repos enumeration
gcloud source repos list # Get names and URLs
gcloud source repos describe <repo_name>
gcloud source repos get-iam-policy <repo_name>

# Clone a repo with gcloud and push to it
gcloud source repos clone <REPO NAME>
gcloud source repos get-iam-policy <REPO NAME>
... git add & git commit -m ...
git push --set-upstream origin master
git push -u origin master

# Access via git
## To add an SSH key go to https://source.cloud.google.com/user/ssh_keys (no gcloud command)
git clone ssh://username@domain.com@source.developers.google.com:2022/p/<proj-name>/r/<repo-name>
git add, commit, push...
```
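The commands above list repositories and dump their IAM policy one at a time. The script below is an added example (not from the original page and not Google's own tooling) that turns that enumeration into a repeatable audit: it walks every repo in a project and reports (1) IAM bindings granted to `allUsers` or `allAuthenticatedUsers`, which expose the source to anyone, and (2) Pub/Sub notification configs that publish as the default Compute service account, the weak default noted above. The two parsing functions take the text that `gcloud ... --format=flattened` prints, so they can be run offline on the constructed sample lines in the comments; `audit_project` is the only part that calls `gcloud`, and the exact flattened key layout for `pubsubConfigs` (field names from the Cloud Source Repositories API `Repo` resource) is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit Cloud Source Repositories for public IAM bindings and
# Pub/Sub configs running as the default Compute SA. Not part of the page or
# of any Google tool; flattened-format key layout is assumed, not documented.
set -u

# Principals that expose a repository beyond the project's own identities.
PUBLIC_MEMBERS='allUsers|allAuthenticatedUsers'

# audit_policy <repo> <flattened_iam_policy_text>
# Prints "<repo> <role> <member>" (sorted) for every public binding.
# Returns 1 if any such binding exists, 0 otherwise.
audit_policy() {
  repo="$1"; policy="$2"
  findings=$(printf '%s\n' "$policy" | awk -v pub="$PUBLIC_MEMBERS" -v repo="$repo" '
    # Constructed sample of what gcloud --format=flattened prints
    # (members are listed before the role of the same binding):
    #   bindings[0].members[0]: allUsers
    #   bindings[0].role:       roles/source.reader
    /^bindings\[[0-9]+\]\.members\[[0-9]+\]:/ {
      n = $1; sub(/\]\..*/, "", n); gsub(/[^0-9]/, "", n)   # binding index
      if ($2 ~ ("^(" pub ")$")) members[n] = members[n] " " $2
    }
    /^bindings\[[0-9]+\]\.role:/ {
      n = $1; gsub(/[^0-9]/, "", n); role[n] = $2
    }
    END {
      for (n in members) {
        split(members[n], m, " ")
        for (i in m) if (m[i] != "") print repo, role[n], m[i]
      }
    }' | sort)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# audit_pubsub <repo> <flattened_describe_text>
# Prints "<repo> <topic-key> <service-account>" for every Pub/Sub config whose
# publisher is the default Compute SA (<num>-compute@developer.gserviceaccount.com).
# Returns 1 if any is found, 0 otherwise.
audit_pubsub() {
  repo="$1"; desc="$2"
  findings=$(printf '%s\n' "$desc" | awk -v repo="$repo" '
    # Constructed sample line (layout assumed):
    #   pubsubConfigs.projects/p/topics/commits.serviceAccountEmail: 123-compute@developer.gserviceaccount.com
    /^pubsubConfigs\..*\.serviceAccountEmail:/ {
      key = $1
      sub(/^pubsubConfigs\./, "", key); sub(/\.serviceAccountEmail:$/, "", key)
      if ($2 ~ /-compute@developer\.gserviceaccount\.com$/) print repo, key, $2
    }' | sort)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# audit_project <project_id>: run both checks over every repo in the project.
# Returns non-zero when any finding was printed. Requires an authenticated gcloud.
audit_project() {
  project="$1"; rc=0
  for r in $(gcloud source repos list --project "$project" --format='value(name.basename())'); do
    audit_policy "$r" "$(gcloud source repos get-iam-policy "$r" --project "$project" --format=flattened)" || rc=1
    audit_pubsub "$r" "$(gcloud source repos describe "$r" --project "$project" --format=flattened)" || rc=1
  done
  return $rc
}

# Usage: sh audit_csr.sh <project_id>   (the offline checks need no arguments)
if [ $# -eq 1 ]; then
  audit_project "$1"
fi
```

Run it against a project after `gcloud auth login`; a non-zero exit means at least one repository is readable by the world or pushes commit notifications under the broad Compute SA, both of which are worth tightening with a narrower IAM binding or a dedicated publisher service account.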
Privilege Escalation & Post Exploitation
Unauthenticated Enum
GCP - Source Repositories Unauthenticated Enum