GCP - Stackdriver Enum


Stackdriver logging

Stackdriver is the comprehensive infrastructure logging suite offered by Google. It can capture sensitive data through features such as syslog, which reports the individual commands executed inside Compute Instances. It also records HTTP requests sent to load balancers or App Engine applications, network packet metadata for VPC communications, and more.

For a Compute Instance, the associated service account needs only WRITE permissions to log the instance's activity. However, an administrator may inadvertently grant the service account both READ and WRITE permissions. In that case, the logs can be examined for sensitive information.

To do this, the gcloud logging utility provides a set of tools. First, it is recommended to identify the types of logs available in your current project.

```bash
# List logs
gcloud logging logs list

# Read logs
gcloud logging read [FOLDER]

# Write logs
# An attacker writing logs may confuse the Blue Team
gcloud logging write [FOLDER] [MESSAGE]

# List Buckets
gcloud logging buckets list
```
