GITBOOK-523: change request with no subject merged in GitBook
carlospolop authored and gitbook-bot committed Jan 15, 2024
1 parent e02714c commit 1a7680c
Showing 1 changed file with 12 additions and 5 deletions.
Expand Up @@ -42,6 +42,10 @@ For an intro about how Users & Groups work in GCP check:

With the permissions **`serviceusage.services.enable`** and **`serviceusage.services.use`** it's possible to **enable services** in a project and use them.

{% hint style="danger" %}
Note that by default, Workspace users are granted the role **Project Creator**, giving them access to **create new projects**. When a user creates a project, he is granted the **`owner`** role over it. So, he could **enable these services over the project to be able to enumerate Workspace**.
{% endhint %}

If you can **enable the `admin` service** and if your user has **enough privileges in workspace,** you could **enumerate all groups & users** with the following lines.\
Even if it says **`identity groups`**, it also returns **users without any groups**:

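Review bot: the new hint presents the Project Creator grant as an unconditional default for "Workspace users" without saying where it lives or that it can be revoked; the grant is made at the organization level to the whole domain principal when the organization resource is created (together with Billing Account Creator), and admins commonly remove it, so tell the reader to confirm with `gcloud organizations get-iam-policy <org-id>` before relying on it. Also replace "he is granted" with "they are granted". The "creator becomes owner" point is added again below in the Project Creator section with the docs link; keeping the link in one place avoids drift.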
Expand Down Expand Up @@ -91,6 +95,8 @@ These **roles** grant the **permissions**:
* `billing.accounts.create` and `resourcemanager.organizations.get`
* `resourcemanager.organizations.get` and `resourcemanager.projects.create`

Moreover, when a user creates a project, he is **granted owner of that project automatically** according to the [docs](https://cloud.google.com/resource-manager/docs/access-control-proj). Therefore, by default, a user will be able to create a project and run any service on it (miners? Workspace enumeration? ...)

{% hint style="danger" %}
The higest privilege in a GCP Organization is the **Organization Administrator** role.
{% endhint %}
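Review bot: "run any service on it" overstates what project ownership gives: Owner on a fresh project lets you enable APIs, but billable services (anything you would mine with) need a billing account linked to the project, which is exactly why the roles above pair `resourcemanager.projects.create` with `billing.accounts.create`. Suggest "enable any API on it and, if they can also create or link a billing account, run billable workloads". Same gendered "he" as in the hint above; use "they". While here, the unchanged context line below still spells "higest".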
Expand All @@ -103,7 +109,7 @@ The higest privilege in a GCP Organization is the **Organization Administrator**
gcloud iam roles list --project $PROJECT_ID # List only custom roles
gcloud iam roles list --filter='etag:AA=='

## Get permis and description of role
## Get perms and description of role
gcloud iam roles describe roles/container.admin
gcloud iam roles describe --project <proj-name> <role-name>

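Review bot: `## Get perms and description of role` trades one abbreviation for another; spell out `permissions` so the comment reads as documentation. The unchanged line `gcloud iam roles describe --project <proj-name> <role-name>` uses `<proj-name>`, but `--project` takes the project ID, not the display name; `<project-id>` avoids a common mistake.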
Expand All @@ -126,21 +132,22 @@ There are different ways to check all the permissions of a user in different res
* The permission **`cloudasset.assets.searchAllIamPolicies`** can request **all the iam policies** inside a resource.

```bash
gcloud asset search-all-iam-policies #By default uses current configured folder
gcloud asset search-all-iam-policies #By default uses current configured project
gcloud asset search-all-iam-policies --scope folders/1234567
gcloud asset search-all-iam-policies --scope organizations/123456
gcloud asset search-all-iam-policies --scope projects/project-id-123123
```

* The permission **`cloudasset.assets.analyzeIamPolicy`** can request **all the iam policies** of a principal inside a resource.

```bash
# Needs perm "cloudasset.assets.analyzeIamPolicy" over the asset
gcloud asset analyze-iam-policy --organization=<org-id> \
--identity='user:carlos.polop@hacktricks.xyz'
--identity='user:email@hacktricks.xyz'
gcloud asset analyze-iam-policy --folder=<folder-id> \
--identity='user:carlos.polop@hacktricks.xyz'
--identity='user:email@hacktricks.xyz'
gcloud asset analyze-iam-policy --project=<project-name> \
--identity='user:carlos.polop@hacktricks.xyz'
--identity='user:email@hacktricks.xyz'
```

* The permission **`cloudasset.assets.searchAllResources`** allows listing all resources of an organization, folder, or project. IAM related resources (like roles) included.
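Review bot: the comment fix is correct (`--scope` defaults to the configured project, not folder), but `user:email@hacktricks.xyz` still reads like a real address rather than a placeholder; use `user:<email>` to match the `<org-id>` / `<folder-id>` style already used in the same block. `--project=<project-name>` should likewise be `<project-id>`, since the flag takes the project ID or number. Worth a one-line note above the commands that `gcloud asset` calls also need the Cloud Asset API (`cloudasset.googleapis.com`) enabled in the project the caller runs them from, in addition to `cloudasset.assets.analyzeIamPolicy` on the scope.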

0 comments on commit 1a7680c