GCP - Unauthenticated Enum & Access

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

• Angalia the subscription plans!
• Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
• Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.

Public Assets Discovery

Njia moja ya kugundua rasilimali za umma za wingu zinazomilikiwa na kampuni ni kuangalia tovuti zao kutafuta hizo. Zana kama CloudScraper itachambua wavuti na kutafuta viungo vya rasilimali za umma za wingu (katika kesi hii zana hii inatafuta ['amazonaws.com', 'digitaloceanspaces.com', 'windows.net', 'storage.googleapis.com', 'aliyuncs.com'])

Kumbuka kwamba rasilimali nyingine za wingu zinaweza kutafutwa na kwamba wakati mwingine rasilimali hizi zimefichwa nyuma ya subdomains ambazo zinaelekeza kwao kupitia CNAME registry.

Public Resources Brute-Force

Buckets, Firebase, Apps & Cloud Functions

• https://github.com/initstring/cloud_enum: Zana hii katika GCP inafanya brute-force kwa Buckets, Firebase Realtime Databases, tovuti za Google App Engine, na Cloud Functions
• https://github.com/0xsha/CloudBrute: Zana hii katika GCP inafanya brute-force kwa Buckets na Apps.

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

• Angalia the subscription plans!
• Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
• Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.