gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-31 07:00:38 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Carlos Polop
2025-03-18 06:47:26 +01:00
parent b2bf4d9b07
commit 6915cfa68c
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/pentesting-cloud/azure-security/az-post-exploitation/az-function-apps-post-exploitation.md
View File

@@ -10,7 +10,8 @@ For more information about function apps check:
../az-services/az-function-apps.md
{{#endref}}
> [!CAUTION] > **Function Apps post exploitation tricks are very related to the privilege escalation tricks** so you can find all of them there:
> [!CAUTION]
> **Function Apps post exploitation tricks are very related to the privilege escalation tricks** so you can find all of them there:
{{#ref}}
../az-privilege-escalation/az-functions-app-privesc.md

2
src/pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-storage-privesc.md
View File

@@ -65,7 +65,7 @@ gcloud config set pass_credentials_to_gsutil true
Another exploit script for this method can be found [here](https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation/blob/master/ExploitScripts/storage.hmacKeys.create.py).
## `storage.objects.create`, `storage.objects.delete` = Storage Write permissions
### `storage.objects.create`, `storage.objects.delete` = Storage Write permissions
In order to **create a new object** inside a bucket you need `storage.objects.create` and, according to [the docs](https://cloud.google.com/storage/docs/access-control/iam-permissions#object_permissions), you need also `storage.objects.delete` to **modify** an existent object.