GCP - IAM Post Exploitation

Tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

IAM

You can find more information about IAM in:

GCP - IAM, Principals & Org Policies Enum

Granting access to the management console

Access to the GCP management console is granted to user accounts, not service accounts. To log in to the web interface, you can grant access to a Google account you control. This can be a generic "@gmail.com" account; it does not need to be a member of the target organization.

However, to grant the primitive Owner role to a generic "@gmail.com" account, you will need to use the web console. gcloud will return an error if you try to grant permissions above Editor.

You can use the following command to grant a user the primitive Editor role on an existing project:

gcloud projects add-iam-policy-binding [PROJECT] --member user:[EMAIL] --role roles/editor

If you succeeded here, try accessing the web interface and exploring from there.

This is the highest level you can assign using the gcloud tool.
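From the defender's side, the grant above shows up as a binding in the project's IAM policy. The following Python script is an added example (not HackTricks' code) that reads a policy in the JSON shape printed by `gcloud projects get-iam-policy <PROJECT> --format=json` and flags two things the section warns about: members whose domain is outside the organisation (such as a personal "@gmail.com" account, `allUsers` or `allAuthenticatedUsers`) and any grant of a primitive role (Owner, Editor, Viewer). The sample policy, the project name and all e-mail addresses are constructed; treating every `*.gserviceaccount.com` member as internal is a simplifying assumption.

```python
import json

# Constructed sample policy; the shape mirrors the JSON printed by
# `gcloud projects get-iam-policy <PROJECT> --format=json`.
SAMPLE_POLICY = json.dumps({
    "version": 1,
    "etag": "BwXconstructed=",
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:admin@example.com"]},
        {"role": "roles/editor",
         "members": ["user:someone@gmail.com",
                     "serviceAccount:app@my-project.iam.gserviceaccount.com"]},
        {"role": "roles/viewer",
         "members": ["group:auditors@example.com"]},
        {"role": "roles/iam.serviceAccountUser",
         "members": ["user:dev@example.com"]},
    ],
})

# The three primitive (basic) roles discussed in this section.
PRIMITIVE_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}


def member_domain(member):
    """Return the e-mail domain of a user:/group:/serviceAccount: member, else None."""
    kind, _, ident = member.partition(":")
    if kind in ("user", "group", "serviceAccount") and "@" in ident:
        return ident.rsplit("@", 1)[1].lower()
    return None


def is_external(member, allowed_domains):
    """True when the member lies outside the organisation's domains.

    Service accounts (*.gserviceaccount.com) are treated as internal here;
    that is a simplifying assumption of this example, not a GCP rule."""
    if member in ("allUsers", "allAuthenticatedUsers"):
        return True
    domain = member_domain(member)
    if domain is None or domain.endswith(".gserviceaccount.com"):
        return False
    return domain not in {d.lower() for d in allowed_domains}


def find_risky_bindings(policy_json, allowed_domains):
    """Flag every (member, role) pair that is external, holds a primitive role, or both."""
    policy = json.loads(policy_json)
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            external = is_external(member, allowed_domains)
            primitive = role in PRIMITIVE_ROLES
            if external or primitive:
                findings.append({"member": member, "role": role,
                                 "external": external, "primitive": primitive})
    return findings


if __name__ == "__main__":
    for f in find_risky_bindings(SAMPLE_POLICY, ["example.com"]):
        flags = [k for k in ("external", "primitive") if f[k]]
        print(f"{f['role']:<30} {f['member']:<58} {','.join(flags)}")
```

Pipe a real policy into `find_risky_bindings` with your own domain list; an external member holding Editor (the exact result of the `add-iam-policy-binding` command above) is reported with both flags set, which is the combination worth alerting on.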

Deleting IAM components: iam.*.delete

The iam.*.delete permissions (for example iam.roles.delete, iam.serviceAccountApiKeyBindings.delete, iam.serviceAccountKeys.delete, etc.) allow a principal to delete critical IAM components such as custom roles, API key bindings, service account keys, and the service accounts themselves. In the hands of an attacker, this makes it possible to remove legitimate means of accessing resources and cause a denial of service.

To carry out such an attack it is possible, for example, to delete roles using:

gcloud iam roles delete <ROLE_ID> --project=<PROJECT_ID>

iam.serviceAccountKeys.disable || iam.serviceAccounts.disable

The iam.serviceAccountKeys.disable and iam.serviceAccounts.disable permissions allow disabling active Service Account keys or Service Accounts, which in the hands of an attacker can be used to disrupt operations, cause a denial of service, or hamper incident response by blocking the use of legitimate credentials.

To disable a Service Account, you can use the following command:

gcloud iam service-accounts disable <SA_EMAIL> --project=<PROJECT_ID>

To disable Service Account keys, you can use the following command:

gcloud iam service-accounts keys disable <KEY_ID> --iam-account=<SA_EMAIL>

iam.*.undelete

The iam.*.undelete permissions allow restoring previously deleted objects such as API key bindings, custom roles, or service accounts. In the hands of an attacker, this can be used to reverse defensive actions (restoring access that was removed), re-establish deleted compromise vectors to maintain persistence, or evade remediation efforts, making incident containment harder.

gcloud iam service-accounts undelete "${SA_ID}" --project="${PROJECT}"
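All of the delete, disable and undelete operations in the three sections above are recorded in Cloud Audit Logs (Admin Activity) under the IAM Admin API's method names, so a defender can triage them directly from the log. The following Python script is an added example (not HackTricks' code) that reads newline-delimited audit-log JSON, keeps only the IAM methods that map to the permissions discussed here, and reports any principal that performed several of them inside a short window, the pattern a bulk lockout or a quiet undelete would leave. The `google.iam.admin.v1.*` method names are the IAM Admin API v1 methods as they appear in the `protoPayload.methodName` field; the log entries, principals, project and resource names are constructed and trimmed to the fields the script reads.

```python
import json
from datetime import datetime

# IAM Admin API (v1) audit-log method names mapped to the permissions on this page.
WATCHED_METHODS = {
    "google.iam.admin.v1.DeleteRole": "iam.roles.delete",
    "google.iam.admin.v1.UndeleteRole": "iam.roles.undelete",
    "google.iam.admin.v1.DeleteServiceAccount": "iam.serviceAccounts.delete",
    "google.iam.admin.v1.UndeleteServiceAccount": "iam.serviceAccounts.undelete",
    "google.iam.admin.v1.DisableServiceAccount": "iam.serviceAccounts.disable",
    "google.iam.admin.v1.DeleteServiceAccountKey": "iam.serviceAccountKeys.delete",
    "google.iam.admin.v1.DisableServiceAccountKey": "iam.serviceAccountKeys.disable",
}


def _entry(ts, method, principal, resource):
    """Build one constructed Admin Activity log line with only the fields triage uses."""
    return json.dumps({
        "timestamp": ts,
        "protoPayload": {
            "serviceName": "iam.googleapis.com",
            "methodName": method,
            "authenticationInfo": {"principalEmail": principal},
            "resourceName": resource,
        },
    })


# Constructed sample: three destructive calls by one external principal within
# twenty seconds, one unrelated key creation, and a later undelete by an admin.
SAMPLE_LOG = "\n".join([
    _entry("2024-05-01T10:00:01Z", "google.iam.admin.v1.DisableServiceAccount",
           "someone@gmail.com", "projects/-/serviceAccounts/app@my-project.iam.gserviceaccount.com"),
    _entry("2024-05-01T10:00:09Z", "google.iam.admin.v1.DeleteServiceAccountKey",
           "someone@gmail.com", "projects/-/serviceAccounts/app@my-project.iam.gserviceaccount.com/keys/abc123"),
    _entry("2024-05-01T10:00:20Z", "google.iam.admin.v1.DeleteRole",
           "someone@gmail.com", "projects/my-project/roles/deployer"),
    _entry("2024-05-01T10:05:00Z", "google.iam.admin.v1.CreateServiceAccountKey",
           "dev@example.com", "projects/-/serviceAccounts/ci@my-project.iam.gserviceaccount.com"),
    _entry("2024-05-01T11:30:00Z", "google.iam.admin.v1.UndeleteServiceAccount",
           "admin@example.com", "projects/-/serviceAccounts/109876543210"),
])


def parse_watched_events(ndjson):
    """Return the watched IAM events from newline-delimited audit-log JSON, oldest first."""
    events = []
    for line in ndjson.splitlines():
        line = line.strip()
        if not line:
            continue
        entry = json.loads(line)
        payload = entry.get("protoPayload", {})
        method = payload.get("methodName")
        if method not in WATCHED_METHODS:
            continue
        # Audit-log timestamps are RFC 3339 with a trailing Z.
        when = datetime.fromisoformat(entry["timestamp"].replace("Z", "+00:00"))
        events.append({
            "time": when,
            "principal": payload.get("authenticationInfo", {}).get("principalEmail"),
            "method": method,
            "permission": WATCHED_METHODS[method],
            "resource": payload.get("resourceName"),
        })
    events.sort(key=lambda e: e["time"])
    return events


def find_bursts(events, threshold=3, window_seconds=600):
    """Principals that performed `threshold` watched actions within `window_seconds`."""
    by_principal = {}
    for e in events:
        by_principal.setdefault(e["principal"], []).append(e["time"])
    bursts = []
    for principal, times in by_principal.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds:
                bursts.append(principal)
                break
    return bursts


if __name__ == "__main__":
    evts = parse_watched_events(SAMPLE_LOG)
    for e in evts:
        print(f"{e['time'].isoformat()} {e['principal']:<22} {e['permission']:<32} {e['resource']}")
    print("burst principals:", find_bursts(evts))
```

Undelete calls deserve a look even in isolation: a single `iam.serviceAccounts.undelete` that restores an account an incident responder deliberately removed is exactly the reversal described above, so it is worth routing to whoever did the removal rather than only counting it toward the burst threshold.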
