GITBOOK-594: change request with no subject merged in GitBook

HackTricks-wiki · Mar 3, 2024 · 726a90e · 726a90e
1 parent 543bac5
commit 726a90e
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/pentesting-cloud/gcp-security/gcp-services/gcp-iam-and-org-policies-enum.md b/pentesting-cloud/gcp-security/gcp-services/gcp-iam-and-org-policies-enum.md
@@ -131,7 +131,7 @@ gcloud iam list-testable-permissions --filter "NOT apiDisabled: true" <resource>
 gcloud iam list-grantable-roles <project URL>
 ```
 
-#### Enumeration via cloudasset
+### cloudasset IAM Enumeration
 
 There are different ways to check all the permissions of a user in different resources (such as organizations, folders, projects...) using this service.
 
@@ -180,8 +180,12 @@ gcloud asset query --project=<proj> --statement='SELECT * FROM compute_googleapi
 ERROR: (gcloud.asset.query) UNAUTHENTICATED: QueryAssets API is only supported for SCC premium customers. See https://cloud.google.com/security-command-center/pricing
 ```
 
+### testIamPermissions enumeration&#x20;
+
 {% hint style="danger" %}
-If you **cannot access IAM information** using the previous methods and you are in a Red Team. You could **use the tool** [**https://github.com/carlospolop/my\_gcp\_perms**](https://github.com/carlospolop/my\_gcp\_perms) **to brute-force your current permissions.**
+If you **cannot access IAM information** using the previous methods and you are in a Red Team. You could **use the tool**[ **https://github.com/carlospolop/bf\_my\_gcp\_perms**](https://github.com/carlospolop/bf\_my\_gcp\_perms) **to brute-force your current permissions.**
+
+However, note that the service **`cloudresourcemanager.googleapis.com`** needs to be enabled.
 {% endhint %}
 
 ### Privesc