GCP - Sourcerepos Privesc

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

Source Repositories

Kwa taarifa zaidi kuhusu Source Repositories angalia:

GCP - Source Repositories Enum

`source.repos.get`

Kwa ruhusa hii inawezekana kupakua repository lokalini:

Clone source repository

```bash gcloud source repos clone --project= ```

Mtu mwenye ruhusa hii ataweza kuandika code ndani ya repository iliyokopia kwa gcloud source repos clone <repo>. Lakini kumbuka kuwa ruhusa hii haiwezi kuambatishwa kwenye custom roles, kwa hivyo lazima itolewe kupitia role zilizowekwa tayari kama:

Owner
Editor
Source Repository Administrator (roles/source.admin)
Source Repository Writer (roles/source.writer)

Ili kuandika, fanya tu git push ya kawaida.

`source.repos.setIamPolicy`

Kwa ruhusa hii mshambuliaji anaweza kujipa ruhusa zilizotajwa hapo awali.

Ufikiaji wa siri

Ikiwa mshambuliaji ana ufikiaji wa siri ambazo tokens zimehifadhiwa, ataweza kuziiba. Kwa maelezo zaidi kuhusu jinsi ya kufikia secret angalia:

GCP - Secretmanager Privesc

Ongeza SSH keys

Inawezekana kuongeza ssh keys kwenye project ya Source Repository kwenye web console. Inafanya POST request kwa /v1/sshKeys:add na inaweza kusanidiwa kwenye https://source.cloud.google.com/user/ssh_keys

Mara ssh key yako itakapowekwa, unaweza kufikia repo kwa:

Clone repository using SSH

```bash git clone ssh://username@domain.com@source.developers.google.com:2022/p//r/ ```

Na kisha tumia git amri kama kawaida.

Cheti za Mkono

Inawezekana kuunda cheti kwa mkono ili kupata Source Repositories:

Kubofya kiungo cha kwanza kitatuelekeza kwa https://source.developers.google.com/auth/start?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform&state&authuser=3

Which will prompt an Oauth authorization prompt to give access to Google Cloud Development. So you will need either the credentials of the user or an open session in the browser for this.

Hii itakutuma kwenye ukurasa ulio na bash script to execute na itakusanidi git cookie katika $HOME/.gitcookies

Ukitekeleza script hiyo unaweza kisha kutumia git clone, push… na itafanya kazi.

`source.repos.updateProjectConfig`

Kwa ruhusa hii inawezekana kuzima ulinzi wa asili wa Source Repositories ambao unazuia kupakia code zenye Private Keys:

Zima pushblock na rekebisha mipangilio ya pub/sub

```bash gcloud source project-configs update --disable-pushblock ``` Unaweza pia kusanidi pub/sub topic tofauti au hata kuizima kabisa: ```bash gcloud source project-configs update --remove-topic=REMOVE_TOPIC gcloud source project-configs update --remove-topic=UPDATE_TOPIC ```

Tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Angalia mpango wa usajili!

Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au tufuatilie kwenye Twitter 🐦 @hacktricks_live.

Shiriki mbinu za hacking kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.