GCP - Storage Post Exploitation


tip

Learn and practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Cloud Storage

For more information about Cloud Storage check this page:

GCP - Storage Enum

Grant Public Access

It is possible to grant external users (authenticated to GCP or not) access to the contents of a bucket. However, the bucket may have public access prevention enabled, which rejects any grant to allUsers or allAuthenticatedUsers until it is turned off on the bucket (if it is enforced by an organization policy, it cannot be turned off at bucket level at all):

```bash
# Disable public access prevention on the bucket
gcloud storage buckets update gs://BUCKET_NAME --no-public-access-prevention

# Make all objects in a bucket public (IAM)
gcloud storage buckets add-iam-policy-binding gs://BUCKET_NAME --member=allUsers --role=roles/storage.objectViewer
## IAM bindings on Cloud Storage apply to the whole bucket; a single object cannot be made public with IAM alone

# Make a bucket or a single object public (legacy ACLs)
gcloud storage buckets update gs://BUCKET_NAME --add-acl-grant=entity=AllUsers,role=READER
gcloud storage objects update gs://BUCKET_NAME/OBJECT_NAME --add-acl-grant=entity=AllUsers,role=READER
```

If you try to grant ACLs on a bucket that has uniform bucket-level access enabled (ACLs disabled), you will get this error: `ERROR: HTTPError 400: Cannot use ACL API to update bucket policy when uniform bucket-level access is enabled. Read more at https://cloud.google.com/storage/docs/uniform-bucket-level-access`. In that case only the IAM route works, and it always applies to the whole bucket.

To access an open bucket from a browser, visit `https://<bucket_name>.storage.googleapis.com/` (returns an XML object listing if allUsers can list) or `https://<bucket_name>.storage.googleapis.com/<object_name>`. The path-style form `https://storage.googleapis.com/<bucket_name>/<object_name>` works as well.
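The procedure above has two conditions that decide which commands are needed and in which order: whether public access prevention is enforced, and whether uniform bucket-level access (which rejects the ACL API) is on. The following added example, which is not code from the original page or from Google, reads the JSON that `gcloud storage buckets describe --format=json` and `gcloud storage buckets get-iam-policy --format=json` would return, lists any existing public bindings, and builds the exact command sequence from this page for the bucket. The bucket name, the IAM policy and the metadata are constructed samples, and the snake_case field names (`public_access_prevention`, `uniform_bucket_level_access`) are assumed from gcloud's JSON output; nothing is executed against GCP.

```python
import json
from typing import Dict, List

# Constructed sample in the shape of
#   gcloud storage buckets describe gs://BUCKET_NAME --format=json
# (hypothetical bucket; only the fields this script reads are included,
#  field names assumed from gcloud's snake_case JSON output)
SAMPLE_DESCRIBE = json.dumps({
    "name": "example-bucket",
    "public_access_prevention": "enforced",
    "uniform_bucket_level_access": True,
})

# Constructed sample in the shape of
#   gcloud storage buckets get-iam-policy gs://BUCKET_NAME --format=json
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/storage.admin", "members": ["user:alice@example.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allAuthenticatedUsers"]},
    ],
})

# Principals that make a binding "public" from Cloud Storage's point of view.
PUBLIC_PRINCIPALS = ("allUsers", "allAuthenticatedUsers")


def public_bindings(policy_json: str) -> List[Dict[str, str]]:
    """Return every (role, member) pair in an IAM policy granted to a public principal."""
    policy = json.loads(policy_json)
    found = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                found.append({"role": binding["role"], "member": member})
    return found


def exposure_plan(bucket: str, describe_json: str, policy_json: str) -> Dict[str, List[str]]:
    """Build the ordered gcloud commands that make every object in `bucket`
    readable by allUsers, plus notes on conditions the commands cannot change.
    Only the metadata/policy JSON is inspected; nothing is executed."""
    meta = json.loads(describe_json)
    commands: List[str] = []
    notes: List[str] = []

    # Step 1: public access prevention rejects allUsers/allAuthenticatedUsers
    # grants until it is switched off on the bucket.
    pap = meta.get("public_access_prevention", "inherited")
    if pap == "enforced":
        commands.append(
            f"gcloud storage buckets update gs://{bucket} --no-public-access-prevention")
    elif pap == "inherited":
        notes.append("public_access_prevention is inherited: an org policy "
                     "(constraints/storage.publicAccessPrevention) may still block the grant")

    # Step 2: grant read to allUsers, unless it is already there.
    already_public = any(
        b["member"] == "allUsers" and b["role"] == "roles/storage.objectViewer"
        for b in public_bindings(policy_json))
    if already_public:
        notes.append("allUsers already has roles/storage.objectViewer")
    elif meta.get("uniform_bucket_level_access"):
        # Uniform bucket-level access: the ACL API returns HTTP 400, so IAM is the only route.
        commands.append(
            f"gcloud storage buckets add-iam-policy-binding gs://{bucket} "
            "--member=allUsers --role=roles/storage.objectViewer")
    else:
        # Legacy ACL bucket: an ACL grant works and can later be scoped to single objects.
        commands.append(
            f"gcloud storage buckets update gs://{bucket} "
            "--add-acl-grant=entity=AllUsers,role=READER")

    return {"commands": commands, "notes": notes}


if __name__ == "__main__":
    plan = exposure_plan("example-bucket", SAMPLE_DESCRIBE, SAMPLE_POLICY)
    for note in plan["notes"]:
        print("# note:", note)
    for cmd in plan["commands"]:
        print(cmd)
```

Run it as-is to see the plan for the constructed sample (disable prevention, then the IAM binding, because the sample bucket has uniform bucket-level access). Feed it real `gcloud ... --format=json` output to decide, before touching the bucket, whether the ACL commands would even be accepted. The "inherited" note is deliberate: the bucket-level value alone does not tell you whether an organization policy will still reject the grant.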
