gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-23 07:29:04 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2934cfc93e4a47517903cdd34b75e2018eff2812
hacktricks-cloud/pentesting-cloud/gcp-security/gcp-services/gcp-artifact-registry-enum.md
Carlos Polop 5ef56bb6b3 Recreating repository history for branch master
2024-12-12 19:35:48 +01:00

119 lines
7.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# GCP - Artifact Registry Enum
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## Basic Information
Google Cloud Artifact Registry is a fully managed service that allows you to **manage, store, and secure your software artifacts**. It's essentially a repository for **storing build dependencies**, such as **Docker** images, **Maven**, npm packages, and other types of artifacts. It's **commonly used in CI/CD pipelines** for storing and versioning the artifacts produced during the software development process.
Key features of Artifact Registry include:
1. **Unified Repository**: It supports **multiple types of artifacts**, allowing you to have a single repository for Docker images, language packages (like Javas Maven, Node.jss npm), and other types of artifacts, enabling consistent access controls and a unified view across all your artifacts.
2. **Fully Managed**: As a managed service, it takes care of the underlying infrastructure, scaling, and security, reducing the maintenance overhead for users.
3. **Fine-grained Access Control**: It integrates with Google Clouds Identity and Access Management (IAM), allowing you to define who can access, upload, or download artifacts in your repositories.
4. **Geo-replication**: It supports the replication of artifacts across multiple regions, improving the speed of downloads and ensuring availability.
5. **Integration with Google Cloud Services**: It works seamlessly with **other GCP services like Cloud Build, Kubernetes Engine, and Compute Engine**, making it a convenient choice for teams already working within the Google Cloud ecosystem.
6. **Security**: Offers features like **vulnerability scanning and container analysis** to help ensure that the stored artifacts are secure and free from known security issues.
### Formats and Modes
When creating a new repository it's possible to **select a the format/type** of the repository among several like Docker, Maven, npm, Python... and the mode which usually can be one of these three:
* **Standard Repository**: Default mode for **storing your own artifacts** (like Docker images, Maven packages) directly in GCP. It's secure, scalable, and integrates well within the Google Cloud ecosystem.
* **Remote Repository** (if available): Acts as a proxy for **caching artifacts from external**, public repositories. It helps prevent issues from dependencies changing upstream and reduces latency by caching frequently accessed artifacts.
* **Virtual Repository** (if available): Provides a **unified interface to access multiple (standard or remote) repositories** through a single endpoint, simplifying client-side configuration and access management for artifacts spread across various repositories.
* For a virtual repository you will need to **select repositories and give them a priority** (the repo with the largest priority will be used).
* You can **mix remote and standard** repositories in a **virtual** one, if the **priority** of the **remote** is **bigger** than the standard, **packages from remote (PyPi for example) will be used**. This could lead to a **Dependency Confusion.**
Note that in the **Remote version of Docker** it's possible to give a username and token to access Docker Hub. The **token is then stored in the Secret Manager**.
### Encryption
As expected, by default a Google-managed key is used but a Customer-managed key can be indicated (CMEK).
### Cleanup Policies
* **Delete artifacts:** Artifacts will be **deleted according to cleanup policy** criteria.
* **Dry run:** (Default one) Artifacts will **not be deleted**. Cleanup policies will be evaluated, and test delete events sent to Cloud Audit Logging.
### Vulnerability Scanning
It's possible to enable the **vulnerability scanner** which will check for vulnerabilities inside **container images**.
### Enumeration
```bash
# Get repositories
gcloud artifacts repositories list
gcloud artifacts repositories describe --location <location> <repo-name>
gcloud artifacts versions list --repository=<repo-name> -location <location> --package <package-name>
# Get settings of a repository (example using python but could be other)
gcloud artifacts print-settings python --repository <repo-name> --location <location>
# Get docker images
gcloud artifacts docker images list us-central1-docker.pkg.dev/<proj-name>/<repo-name>
# Get packages (like python and others...)
gcloud artifacts packages list --repository <repo-name> --location <location>
# Get SBOMB artifacts
gcloud artifacts sbom list
# Get vulnerabilities (docker images)
gcloud artifacts vulnerabilities list us-east1-docker.pkg.dev/project123/repository123/someimage@sha256:49765698074d6d7baa82f
gcloud artifacts docker images list-vulnerabilities projects/<proj-name>/locations/<location>/scans/<scan-uuid>
```
### Privilege Escalation
{% content-ref url="../gcp-privilege-escalation/gcp-artifact-registry-privesc.md" %}
[gcp-artifact-registry-privesc.md](../gcp-privilege-escalation/gcp-artifact-registry-privesc.md)
{% endcontent-ref %}
### Unauthenticated Access
{% content-ref url="../gcp-unauthenticated-enum-and-access/gcp-artifact-registry-unauthenticated-enum.md" %}
[gcp-artifact-registry-unauthenticated-enum.md](../gcp-unauthenticated-enum-and-access/gcp-artifact-registry-unauthenticated-enum.md)
{% endcontent-ref %}
### Post-Exploitation
{% content-ref url="../gcp-post-exploitation/gcp-artifact-registry-post-exploitation.md" %}
[gcp-artifact-registry-post-exploitation.md](../gcp-post-exploitation/gcp-artifact-registry-post-exploitation.md)
{% endcontent-ref %}
### Persistence
{% content-ref url="../gcp-persistence/gcp-artifact-registry-persistence.md" %}
[gcp-artifact-registry-persistence.md](../gcp-persistence/gcp-artifact-registry-persistence.md)
{% endcontent-ref %}
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
Reference in New Issue View Git Blame Copy Permalink