GCP - Storage Post Exploitation
Tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Cloud Storage
For more information about Cloud Storage check this page:
Give Public Access
It's possible to give external users (whether logged in to GCP or not) access to the contents of a bucket. However, by default the option to expose a bucket publicly is disabled:
# Disable public prevention
gcloud storage buckets update gs://BUCKET_NAME --no-public-access-prevention
# Make all objects in a bucket public
gcloud storage buckets add-iam-policy-binding gs://BUCKET_NAME --member=allUsers --role=roles/storage.objectViewer
## I don't think you can make specific objects public just with IAM
# Make a bucket or object public (via ACL)
gcloud storage buckets update gs://BUCKET_NAME --add-acl-grant=entity=AllUsers,role=READER
gcloud storage objects update gs://BUCKET_NAME/OBJECT_NAME --add-acl-grant=entity=AllUsers,role=READER
If you try to grant ACLs to a bucket with disabled ACLs you will get this error: ERROR: HTTPError 400: Cannot use ACL API to update bucket policy when uniform bucket-level access is enabled. Read more at https://cloud.google.com/storage/docs/uniform-bucket-level-access
To access open buckets via a browser, go to the URL https://<bucket_name>.storage.googleapis.com/ or https://<bucket_name>.storage.googleapis.com/<object_name>
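A defender-side check for the exposure paths above, as an added example that is not part of the original page: it takes a bucket resource and its IAM policy in Cloud Storage JSON API form and reports each setting that makes, or allows making, the bucket public. The function name `audit_public_exposure` and the sample bucket and policy are constructed for illustration.

```python
PUBLIC = {"allusers", "allauthenticatedusers"}  # compared case-insensitively

# Constructed sample input, shaped like the JSON API Bucket resource and IAM policy.
SAMPLE_BUCKET = {
    "name": "example-bucket",
    "iamConfiguration": {
        "publicAccessPrevention": "inherited",
        "uniformBucketLevelAccess": {"enabled": False},
    },
    "acl": [
        {"entity": "project-owners-123456", "role": "OWNER"},
        {"entity": "allUsers", "role": "READER"},
    ],
}
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/storage.admin", "members": ["user:admin@example.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    ]
}


def audit_public_exposure(bucket, policy):
    """Return findings describing how a bucket is, or could be made, public."""
    findings = []
    cfg = bucket.get("iamConfiguration", {})
    # "inherited" defers to organization policy, so the bucket itself does not block it.
    if cfg.get("publicAccessPrevention") != "enforced":
        findings.append("public access prevention not enforced on the bucket")
    # With uniform bucket-level access off, ACL grants on bucket and objects apply.
    if not cfg.get("uniformBucketLevelAccess", {}).get("enabled", False):
        findings.append("uniform bucket-level access disabled (ACL grants possible)")
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member.lower() in PUBLIC:
                findings.append(f"IAM: {member} has {binding.get('role')}")
    for grant in bucket.get("acl", []):
        if grant.get("entity", "").lower() in PUBLIC:
            findings.append(f"ACL: {grant['entity']} has {grant.get('role')}")
    return findings


if __name__ == "__main__":
    for finding in audit_public_exposure(SAMPLE_BUCKET, SAMPLE_POLICY):
        print(f"[{SAMPLE_BUCKET['name']}] {finding}")
```

An empty result means the bucket enforces public access prevention, uses uniform bucket-level access, and has no public principal in its IAM policy or ACL.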
storage.objects.delete (storage.objects.get)
To delete an object:
gcloud storage rm gs://<BUCKET_NAME>/<OBJECT_NAME> --project=<PROJECT_ID>
storage.buckets.delete, storage.objects.delete & storage.objects.list
To delete a bucket:
gcloud storage rm -r gs://<BUCKET_NAME>
Deactivate HMAC Keys
The storage.hmacKeys.update permission allows deactivating HMAC keys, and the storage.hmacKeys.delete permission allows an identity to delete HMAC keys associated with service accounts in Cloud Storage.
# Deactivate
gcloud storage hmac update <ACCESS_ID> --deactivate
# Delete
gcloud storage hmac delete <ACCESS_ID>
storage.buckets.setIpFilter & storage.buckets.update
The storage.buckets.setIpFilter permission, together with the storage.buckets.update permission, gives an identity the ability to configure IP address filters on a Cloud Storage bucket, specifying which IP ranges or addresses are allowed to access the bucket's resources.
To completely clear the IP filter, the following command can be used:
gcloud storage buckets update gs://<BUCKET_NAME> --clear-ip-filter --project=<PROJECT_ID>
To change the filtered IP addresses, the following command can be used:
gcloud storage buckets update gs://<BUCKET_NAME> \
    --ip-filter-file=ip-filter.json \
    --project=<PROJECT_ID>
The JSON file represents the filter itself, something like:
{
  "mode": "Enabled",
  "publicNetworkSource": {
    "allowedIpCidrRanges": ["<IP>/<MASK>"]
  },
  "allowCrossOrgVpcs": false,
  "allowAllServiceAgentAccess": false
}
storage.buckets.restore
Restore a bucket using:
gcloud storage restore gs://<BUCKET_NAME>#<GENERATION> \
--project=<PROJECT_ID>

