DEV Community

Bruno
Bruno

Posted on

Some handy notes for GCP pentesting

Hey folks!
Here's some notes that I use when validating some GCP service accounts and looking for SSRFs.

How to authenticate in a service account using the GCP CLI

gcloud auth activate-service-account 1234567-compute@developer.gserviceaccount.com --key-file=pathtofile.json --project=project_name
Enter fullscreen mode Exit fullscreen mode

The e-mail address you will copy from the json file, also the key file you will point to where the file it's saved, and the project name you also can get in the file.

List of some commands

#List SSL certificates 
gcloud compute ssl-certificates list
#List compute engine image disks
gcloud compute images list
#List compute engine instances
gcloud compute instances list
#List buckets
gcloud storage ls
#List buckets using gsutil
gsutil ls
#List containers
gcloud container images list
#List clusters
gcloud container clusters list
#List firewall rules
gcloud compute firewall-rules list
Enter fullscreen mode Exit fullscreen mode

Achieving SSRFs in Axios

When attempting to achieve SSRF in a GCP environment, it's mandatory to have a 'Metada-Flavor: Google' header to your request.

In Axios, you can add headers to your request by default, you just need to create an object in the request body and it's done.

Axios Docs

Some usefull links and tools

GCP Pentesting - Hacktricks

GCP Services - Hacktricks

Awesome GCP Pentesting

Top comments (0)