GCP

GCP Pentesting

Initial Access

IDs of projects available in account

gcloud projects list --format="table(projectId)"

List the identifier of each storage bucket created for the project

gsutil ls -p <project_id>

IAM members associated with the bucket - "allUsers or "allAuthenticatedUsers", the bucket is publicly available

gsutil iam get gs://<bucket_id>/ --format=json | jq '.bindings[].members[]'

List the identifier of each BigQuery Dataset created for the project

bq ls --project_id <project_id> --format=pretty

If one or more rules are "allUsers or "allAuthenticatedUsers", the dataset is publicly available

bq show --format=pretty <project_id>:<project_dataset>

List all the VM available for the project

gcloud compute images list --project <project_id> --no-standard-images --format="table(name)"

IAM members associated with the VM - "allAuthenticatedUsers", the VM is publicly shared with all others GCP accounts

gcloud compute images get-iam-policy <VM_ID> --format=json

Creat new image

gcloud compute images create <VM_name> --source-image=<image_name> --source-image-project=<project_id>

View image

gcloud compute images list

List the IDs of all the KMS key rings available in account

gcloud kms keyrings list --location=global

List the resource ID of each KMS key created for the key ring

gcloud kms key list --keyring=<key_ring_ID> --location=global --format="table(name)

"allUsers or "allAuthenticatedUsers", the KMS key is publicly available

gcloud kms keys get-iam-policy <resource_ID> --keyring=<key_ring_ID> --location=global --format=json | jq '.bindings[].members[]'

Name of each SQL DB for the project

gcloud sql instances list --project <project_id> --format="(NAME)"

IAM members associated - 0.0.0.0/0 : DB is publicly accessible

gcloud sql instances describe <db_name> --format=json | jq '.settings.ipConfiguration.authorizedNetworks[].value'

Last updated 5 months ago