GCP - Cloud Run Post Exploitation

Cloud Run

For more information about Cloud Run, check:

GCP - Cloud Run Enum

Delete CloudRun Job

The run.services.delete and run.services.get permissions, together with run.jobs.delete, allow an identity to completely delete a Cloud Run service or job, including its configuration and history. In the hands of an attacker, this can cause immediate disruption to critical applications or workflows, resulting in a denial of service (DoS) for users and systems that depend on the service's logic or on essential scheduled tasks.

To delete a job, the following operation can be performed.

gcloud run jobs delete <JOB_NAME> --region=<REGION> --quiet

To delete a service, the following operation can be performed.

gcloud run services delete <SERVICE_NAME> --region=<REGION> --quiet

Access container images

If you can access the container images, check the code for vulnerabilities and hardcoded sensitive information. Also check for sensitive information in env variables.

If the images are stored in repos inside the Artifact Registry service and the user has read access over the repos, they can also download the image from this service.

Modify & redeploy the image

Modify the run image to steal information and redeploy the new version (just uploading a new docker container with the same tags won't get it executed). For example, if it is exposing a login page, steal the credentials that users are sending.
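
A detection-side view of the deletion and redeploy actions described above, as an added example that is not part of the original page: it triages Cloud Run Admin Activity audit log entries for service or job deletions, deploys by an unexpected principal, and images pulled from outside a trusted registry. The methodName suffixes, the request-body layout, the registry prefix, the CI identity and the sample entries are assumptions constructed for illustration.

```python
# Added example; assumed: methodName suffixes, request layout, registry, CI identity.
V1 = "google.cloud.run.v1."
DELETE_SUFFIXES = ("Services.DeleteService", "Jobs.DeleteJob")
DEPLOY_SUFFIXES = ("Services.ReplaceService", "Services.UpdateService")
TRUSTED_PREFIXES = ("us-docker.pkg.dev/example-project/prod/",)  # hypothetical registry
CI = "ci@example-project.iam.gserviceaccount.com"  # hypothetical deploy identity
DEPLOYERS = {CI}

def images_in(request):
    """Images from a v1 (spec.template.spec) or v2 (template) request body."""
    svc = request.get("service", request)
    pod = svc.get("spec", {}).get("template", {}).get("spec", {}) or svc.get("template", {})
    return [c["image"] for c in pod.get("containers", []) if c.get("image")]

def triage(entries, trusted=TRUSTED_PREFIXES, deployers=DEPLOYERS):
    """Return (kind, resource, principal, image) findings in log order."""
    findings = []
    for entry in entries:
        p = entry.get("protoPayload", {})
        method, res = p.get("methodName", ""), p.get("resourceName", "")
        who = p.get("authenticationInfo", {}).get("principalEmail", "unknown")
        if method.endswith(DELETE_SUFFIXES):
            findings.append(("DELETE", res, who, None))
        elif method.endswith(DEPLOY_SUFFIXES):
            if who not in deployers:
                findings.append(("UNEXPECTED_DEPLOYER", res, who, None))
            for img in images_in(p.get("request", {})):
                if not img.startswith(trusted):
                    findings.append(("UNTRUSTED_IMAGE", res, who, img))
    return findings

def make_entry(method, res, who, image=None):
    """Build a constructed, trimmed v1-style audit log entry for the demo."""
    pod = {"containers": [{"image": image}]} if image else {}
    return {"protoPayload": {"methodName": method, "resourceName": res,
                             "authenticationInfo": {"principalEmail": who},
                             "request": {"service": {"spec": {"template": {"spec": pod}}}}}}

SVC, JOB = "namespaces/example-project/services/login", "namespaces/example-project/jobs/nightly"
DEV, BAD = "dev@example.com", "us-docker.pkg.dev/other-project/tmp/login:latest"
SAMPLE = [  # constructed entries, not real logs
    make_entry(V1 + "Services.ReplaceService", SVC, CI, TRUSTED_PREFIXES[0] + "login@sha256:aaaa"),
    make_entry(V1 + "Services.ReplaceService", SVC, DEV, BAD),
    make_entry(V1 + "Jobs.DeleteJob", JOB, DEV),
    make_entry(V1 + "Services.DeleteService", SVC, DEV),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Because deletion also removes the resource's configuration and history, the audit log entry is the main surviving record of who removed it, so these entries are worth exporting to a sink outside the project.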
