GCP - API Keys Unauthenticated Enum

Reading time: 4 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

API Keys

Kwa maelezo zaidi kuhusu API Keys angalia:

GCP - API Keys Enum

OSINT techniques

Google API Keys zinatumika sana na aina yoyote ya programu zinazotumia kutoka upande wa mteja. Ni kawaida kuzipata katika msimbo wa chanzo wa tovuti au maombi ya mtandao, katika programu za simu au tu kutafuta regex katika majukwaa kama Github.

Regex ni: AIza[0-9A-Za-z_-]{35}

Tafuta kwa mfano katika Github ikifuatia: https://github.com/search?q=%2FAIza%5B0-9A-Za-z_-%5D%7B35%7D%2F&type=code&ref=advsearch

Check origin GCP project

Hii ni muhimu sana kuangalia ni mradi gani wa GCP ambao API key uliyopata inahusiana nao. Tuna chaguzi tofauti:

  • Wasiliana na https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=<api-key

Kwa ajili ya ufupi, matokeo yalikatwa, lakini katika matokeo kamili ID ya mradi inaonekana zaidi ya mara 5.

bash
curl -s "https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=AIzaSyD[...]uE8Y"

{
"error": {
"code": 403,
"message": "Identity Toolkit API has not been used in project 943955951114 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=943955951114 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
[...]
  • Wasiliana na https://www.googleapis.com/identitytoolkit/v3/relyingparty/getProjectConfig?key=<api-key>

Kwa ajili ya ufupi, matokeo yalikatwa, lakini katika matokeo kamili, kitambulisho cha mradi kinaonekana zaidi ya mara 5.

bash
curl -s "https://identitytoolkit.googleapis.com/v1/projects?key=AIzaSyD[...]uE8Y"

{
"error": {
"code": 403,
"message": "Identity Toolkit API has not been used in project 943955951114 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project=943955951114 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
[...]
  • [Hii sasa haitumiki tena!] apikeys.keys.lookup
bash
# If you have permissions
gcloud services api-keys lookup AIzaSyD[...]uE8Y
name: projects/5[...]6/locations/global/keys/28d[...]e0e
parent: projects/5[...]6/locations/global

# If you don't, you can still see the project ID in the error msg
gcloud services api-keys lookup AIzaSy[...]Qbkd_oYE
ERROR: (gcloud.services.api-keys.lookup) PERMISSION_DENIED: Permission 'apikeys.keys.lookup' denied on resource project.
Help Token: ARD_zUaNgNilGTg9oYUnMhfa3foMvL7qspRpBJ-YZog8RLbTjCTBolt_WjQQ3myTaOqu4VnPc5IbA6JrQN83CkGH6nNLum6wS4j1HF_7HiCUBHVN
- '@type': type.googleapis.com/google.rpc.PreconditionFailure
violations:
- subject: ?error_code=110002&service=cloudresourcemanager.googleapis.com&permission=serviceusage.apiKeys.getProjectForKey&resource=projects/89123452509
type: googleapis.com
- '@type': type.googleapis.com/google.rpc.ErrorInfo
domain: apikeys.googleapis.com
metadata:
permission: serviceusage.apiKeys.getProjectForKey
resource: projects/89123452509
service: cloudresourcemanager.googleapis.com
reason: AUTH_PERMISSION_DENIED

Brute Force API endspoints

Kama hujui ni APIs zipi zimewezeshwa katika mradi, itakuwa ya kuvutia kutumia chombo https://github.com/ozguralp/gmapsapiscanner na kuangalia kila kitu unachoweza kufikia kwa kutumia API key.

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE) Jifunze na fanya mazoezi ya Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks