GCP - Vertex AI Enum

Tip

Learn and practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn and practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn and practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Vertex AI

Vertex AI is Google Cloud's unified machine learning platform for building, deploying, and managing AI models at scale. It combines various AI and ML services into a single integrated platform, enabling data scientists and ML engineers to:

  • Train custom models using AutoML or custom training
  • Deploy models to scalable endpoints for predictions
  • Manage the ML lifecycle from experimentation to production
  • Access pre-trained models from Model Garden
  • Monitor and optimize model performance

Agent Engine / Reasoning Engine

For the enumeration and post-exploitation paths specific to Agent Engine / Reasoning Engine that involve metadata credential theft, P4SA abuse, and producer/tenant project pivoting, see:

GCP - Vertex AI Post Exploitation

Key Components

Models

Vertex AI models represent trained machine learning models that can be deployed to endpoints to serve predictions. Models can be:

  • Uploaded from custom containers or model artifacts
  • Created through AutoML training
  • Imported from Model Garden (pre-trained models)
  • Versioned, with multiple versions per model

Each model has metadata including its framework, container image URI, artifact location, and serving configuration.

Endpoints

Endpoints are resources that host deployed models and serve real-time predictions. Key points:

  • Can host multiple deployed models (with traffic splitting)
  • Provide HTTPS endpoints for real-time predictions
  • Support autoscaling based on traffic
  • Can use private or public access
  • Support A/B testing through traffic splitting

Custom Jobs

Custom jobs let you run custom training code using your own containers or Python packages. Features include:

  • Distributed training support with multiple worker pools
  • Configurable machine types and accelerators (GPUs/TPUs)
  • Service account attachment for accessing other GCP resources
  • Integration with Vertex AI Tensorboard for visualization
  • VPC connectivity options

Hyperparameter Tuning Jobs

These jobs automatically search for the best hyperparameters by running multiple training trials with different parameter combinations.

Model Garden

Model Garden provides access to:

  • Pre-trained Google models
  • Open-source models (including Hugging Face)
  • Third-party models
  • One-click deployment capability

Tensorboards

Tensorboards provide visualization and tracking for ML experiments, recording metrics, model graphs, and training progress.

Service Accounts & Permissions

By default, Vertex AI services use the Compute Engine default service account (PROJECT_NUMBER-compute@developer.gserviceaccount.com), which has Editor permissions on the project. However, you can specify custom service accounts when:

  • Creating custom jobs
  • Uploading models
  • Deploying models to endpoints

This service account is used to:

  • Access training data in Cloud Storage
  • Write logs to Cloud Logging
  • Access secrets from Secret Manager
  • Interact with other GCP services

Data Storage

  • Model artifacts are stored in Cloud Storage buckets
  • Training data usually lives in Cloud Storage or BigQuery
  • Container images are stored in Artifact Registry or Container Registry
  • Logs are sent to Cloud Logging
  • Metrics are sent to Cloud Monitoring

Encryption

By default, Vertex AI uses Google-managed encryption keys. You can also configure:

  • Customer-managed encryption keys (CMEK) from Cloud KMS
  • Encryption covers model artifacts, training data, and endpoints

Networking

Vertex AI resources can be configured with:

  • Public internet access (default)
  • VPC peering for private access
  • Private Service Connect for secure connectivity
  • Shared VPC support

Enumeration

# List models
gcloud ai models list --region=<region>
gcloud ai models describe <model-id> --region=<region>
gcloud ai models list-version <model-id> --region=<region>

# List endpoints
gcloud ai endpoints list --region=<region>
gcloud ai endpoints describe <endpoint-id> --region=<region>
gcloud ai endpoints list --list-model-garden-endpoints-only --region=<region>

# List custom jobs
gcloud ai custom-jobs list --region=<region>
gcloud ai custom-jobs describe <job-id> --region=<region>

# Stream logs from a running job
gcloud ai custom-jobs stream-logs <job-id> --region=<region>

# List hyperparameter tuning jobs
gcloud ai hp-tuning-jobs list --region=<region>
gcloud ai hp-tuning-jobs describe <job-id> --region=<region>

# List model monitoring jobs
gcloud ai model-monitoring-jobs list --region=<region>
gcloud ai model-monitoring-jobs describe <job-id> --region=<region>

# List Tensorboards
gcloud ai tensorboards list --region=<region>
gcloud ai tensorboards describe <tensorboard-id> --region=<region>

# List indexes (for vector search)
gcloud ai indexes list --region=<region>
gcloud ai indexes describe <index-id> --region=<region>

# List index endpoints
gcloud ai index-endpoints list --region=<region>
gcloud ai index-endpoints describe <index-endpoint-id> --region=<region>

# Get operations (long-running operations status)
gcloud ai operations describe <operation-id> --region=<region>

# Test endpoint predictions (if you have access)
gcloud ai endpoints predict <endpoint-id> \
--region=<region> \
--json-request=request.json

# Make direct predictions (newer API)
gcloud ai endpoints direct-predict <endpoint-id> \
--region=<region> \
--json-request=request.json

Model Information Gathering

# Get detailed model information including versions
gcloud ai models describe <model-id> --region=<region>

# Check specific model version
gcloud ai models describe <model-id>@<version> --region=<region>

# List all versions of a model
gcloud ai models list-version <model-id> --region=<region>

# Get model artifact location (usually a GCS bucket)
gcloud ai models describe <model-id> --region=<region> --format="value(artifactUri)"

# Get container image URI
gcloud ai models describe <model-id> --region=<region> --format="value(containerSpec.imageUri)"

Endpoint Details

# Get endpoint details including deployed models
gcloud ai endpoints describe <endpoint-id> --region=<region>

# Get display name of the first deployed model
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(deployedModels[0].displayName)"

# Get service account used by endpoint
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(deployedModels[0].serviceAccount)"

# Check traffic split between models
gcloud ai endpoints describe <endpoint-id> --region=<region> --format="value(trafficSplit)"

Custom Job Information

# Get job details including command, args, and service account
gcloud ai custom-jobs describe <job-id> --region=<region>

# Get service account used by job (set on jobSpec, not on the worker pool)
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.serviceAccount)"

# Get container image used
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.workerPoolSpecs[0].containerSpec.imageUri)"

# Check environment variables (may contain secrets)
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.workerPoolSpecs[0].containerSpec.env)"

# Get network configuration
gcloud ai custom-jobs describe <job-id> --region=<region> --format="value(jobSpec.network)"
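
The custom job fields queried above can also be reviewed in bulk. The following is an added example, not part of the original page: it audits the JSON a custom job listing returns for the Compute Engine default service account, secret-looking environment variable names, and a missing VPC network. The sample jobs, project names and the name-matching heuristic are constructed assumptions.

```python
import json
import re

# Constructed sample, shaped like `gcloud ai custom-jobs list --format=json` output.
SAMPLE_JOBS = json.loads("""
[
 {"displayName": "train-churn",
  "jobSpec": {"serviceAccount": "123456789012-compute@developer.gserviceaccount.com",
   "workerPoolSpecs": [{"containerSpec": {"imageUri": "us-docker.pkg.dev/example/ml/train:1",
     "env": [{"name": "DB_PASSWORD", "value": "constructed-value"},
             {"name": "EPOCHS", "value": "10"}]}}]}},
 {"displayName": "train-fraud",
  "jobSpec": {"serviceAccount": "trainer@example-project.iam.gserviceaccount.com",
   "network": "projects/123456789012/global/networks/ml-vpc",
   "workerPoolSpecs": [{"containerSpec": {"imageUri": "us-docker.pkg.dev/example/ml/train:2",
     "env": [{"name": "EPOCHS", "value": "5"}]}}]}}
]
""")

DEFAULT_SA = re.compile(r"^\d+-compute@developer\.gserviceaccount\.com$")
SECRET_NAME = re.compile(r"secret|token|passw|api_?key|credential", re.I)  # heuristic

def audit_job(job):
    """Return a list of findings for one CustomJob resource (dict)."""
    findings = []
    spec = job.get("jobSpec", {})
    sa = spec.get("serviceAccount")
    if not sa:
        findings.append("no explicit service account set")
    elif DEFAULT_SA.match(sa):
        findings.append(f"runs as Compute Engine default service account {sa}")
    if not spec.get("network"):
        findings.append("no VPC network configured")
    for i, pool in enumerate(spec.get("workerPoolSpecs", [])):
        # Custom-container and Python-package pools both carry an env list.
        runner = pool.get("containerSpec") or pool.get("pythonPackageSpec") or {}
        for var in runner.get("env", []):
            if SECRET_NAME.search(var.get("name", "")):
                findings.append(f"workerPoolSpecs[{i}] env {var['name']} looks like a secret")
    return findings

def audit(jobs):
    """Map each job's display name (or resource name) to its findings."""
    return {j.get("displayName") or j.get("name", "?"): audit_job(j) for j in jobs}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_JOBS).items():
        print(name, "->", findings or "ok")
```

Findings report only variable names, never values, so the output can be shared in a ticket without leaking what the job carries.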

Access Control

# Note: IAM policies for individual Vertex AI resources are managed at the project level
# Check project-level permissions
gcloud projects get-iam-policy <project-id>

# Check service account permissions
gcloud iam service-accounts get-iam-policy <service-account-email>

# Check who can call endpoints
# Access is controlled by project-level IAM bindings; list the members bound to aiplatform.user
gcloud projects get-iam-policy <project-id> \
--flatten="bindings[].members" \
--filter="bindings.role:aiplatform.user"

Storage and Artifacts

# Models and training jobs often store artifacts in GCS
# List buckets that might contain model artifacts
gsutil ls

# Common artifact locations:
# gs://<project>-aiplatform-<region>/
# gs://<project>-vertex-ai/
# gs://<custom-bucket>/vertex-ai/

# Download model artifacts if accessible
gsutil -m cp -r gs://<bucket>/path/to/artifacts ./artifacts/

# Check for notebooks in AI Platform Notebooks
gcloud notebooks instances list --location=<location>
gcloud notebooks instances describe <instance-name> --location=<location>

Model Garden

# List Model Garden endpoints
gcloud ai endpoints list --list-model-garden-endpoints-only --region=<region>

# Model Garden models are often deployed with default configurations
# Check for publicly accessible endpoints

Privilege Escalation

On the following page, you can see how to abuse Vertex AI permissions to escalate privileges:

GCP - Vertex AI Privesc

Post Exploitation

GCP - Vertex AI Post Exploitation
