gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-05 01:07:11 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['.github/pull_request_template.md', 'src/pentesting-cloud/az

Browse Source
This commit is contained in:
Translator
2024-12-31 18:59:36 +00:00
parent 7770a50092
commit 820dd99aed
244 changed files with 8557 additions and 11405 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/pentesting-cloud/gcp-security/gcp-services/gcp-stackdriver-enum.md
View File

@@ -4,12 +4,11 @@
## [Stackdriver logging](https://cloud.google.com/sdk/gcloud/reference/logging/)
[**Stackdriver**](https://cloud.google.com/stackdriver/) is recognized as a comprehensive infrastructure **logging suite** offered by Google. It has the capability to capture sensitive data through features like syslog, which reports individual commands executed inside Compute Instances. Furthermore, it monitors HTTP requests sent to load balancers or App Engine applications, network packet metadata within VPC communications, and more.
[**Stackdriver**](https://cloud.google.com/stackdriver/) è riconosciuto come un'ampia **suite di logging** per l'infrastruttura offerta da Google. Ha la capacità di catturare dati sensibili attraverso funzionalità come syslog, che riporta i singoli comandi eseguiti all'interno delle Compute Instances. Inoltre, monitora le richieste HTTP inviate ai load balancer o alle applicazioni App Engine, i metadati dei pacchetti di rete all'interno delle comunicazioni VPC e altro ancora.
For a Compute Instance, the corresponding service account requires merely **WRITE** permissions to facilitate logging of instance activities. Nonetheless, it's possible that an administrator might **inadvertently** provide the service account with both **READ** and **WRITE** permissions. In such instances, the logs can be scrutinized for sensitive information.
To accomplish this, the [gcloud logging](https://cloud.google.com/sdk/gcloud/reference/logging/) utility offers a set of tools. Initially, identifying the types of logs present in your current project is recommended.
Per una Compute Instance, l'account di servizio corrispondente richiede semplicemente permessi **WRITE** per facilitare il logging delle attività dell'istanza. Tuttavia, è possibile che un amministratore possa **inavvertitamente** fornire all'account di servizio sia permessi **READ** che **WRITE**. In tali casi, i log possono essere esaminati per informazioni sensibili.
Per raggiungere questo obiettivo, l'utilità [gcloud logging](https://cloud.google.com/sdk/gcloud/reference/logging/) offre un insieme di strumenti. Inizialmente, è consigliato identificare i tipi di log presenti nel tuo progetto attuale.
```bash
# List logs
gcloud logging logs list
@@ -24,14 +23,9 @@ gcloud logging write [FOLDER] [MESSAGE]
# List Buckets
gcloud logging buckets list
```
## References
## Riferimenti
- [https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/#reviewing-stackdriver-logging](https://about.gitlab.com/blog/2020/02/12/plundering-gcp-escalating-privileges-in-google-cloud-platform/#reviewing-stackdriver-logging)
- [https://initblog.com/2020/gcp-post-exploitation/](https://initblog.com/2020/gcp-post-exploitation/)
{{#include ../../../banners/hacktricks-training.md}}