gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-23 07:29:04 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2934cfc93e4a47517903cdd34b75e2018eff2812
hacktricks-cloud/pentesting-cloud/gcp-security/gcp-services/gcp-pub-sub.md
Carlos Polop 5ef56bb6b3 Recreating repository history for branch master
2024-12-12 19:35:48 +01:00

121 lines
7.0 KiB
Markdown
Raw Blame History

# GCP - Pub/Sub Enum
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
## Pub/Sub <a href="#reviewing-cloud-pubsub" id="reviewing-cloud-pubsub"></a>
[Google **Cloud Pub/Sub**](https://cloud.google.com/pubsub/) is described as a service facilitating message exchange between independent applications. The core components include **topics**, to which applications can **subscribe**. Subscribed applications have the capability to **send and receive messages**. Each message comprises the actual content along with associated metadata.
The **topic is the queue** where messages are going to be sent, while the **subscriptions** are the **objects** users are going to use to **access messages in the topics**. There can be more than **1 subscription per topic** and there are 4 types of subscriptions:
* **Pull**: The user(s) of this subscription needs to pull for messages.
* **Push**: An URL endpoint is indicated and messages will be sent immediately to it.
* **Big query table**: Like push but setting the messages inside a Big query table.
* **Cloud Storage**: Deliver messages directly to an existing bucket.
By **default** a **subscription expires after 31 days**, although it can be set to never expire.
By **default**, a message is **retained for 7 days**, but this time can be **increased up to 31 days**. Also, if it's not **ACKed in 10s** it goes back to the queue. It can also be set that ACKed messages should continue to be stored.
A topic is by default encrypted using a **Google managed encryption key**. But a **CMEK** (Customer Managed Encryption Key) from KMS can also be selected.
**Dead letter**: Subscriptions may configure a **maximum number of delivery attempts**. When a message cannot be delivered, it is **republished to the specified dead letter topic**.
### Snapshots & Schemas
A snapshot is a feature that **captures the state of a subscription at a specific point in time**. It is essentially a consistent **backup of the unacknowledged messages in a subscription**. By creating a snapshot, you preserve the message acknowledgment state of the subscription, allowing you to resume message consumption from the point the snapshot was taken, even after the original messages would have been otherwise deleted.\
If you are very lucky a snapshot could contain **old sensitive information** from when the snapshot was taken.
When creating a topic, you can indicate that the **topic messages must follow a schema**.
### Enumeration
```bash
# Get a list of topics in the project
gcloud pubsub topics list
gcloud pubsub topics describe <topic>
gcloud pubsub topics list-subscriptions <topic>
gcloud pubsub topics get-iam-policy <topic>
# Get a list of subscriptions across all topics
gcloud pubsub subscriptions list
gcloud pubsub subscriptions describe <subscription>
gcloud pubsub subscriptions get-iam-policy <subscription>
# Get list of schemas
gcloud pubsub schemas list
gcloud pubsub schemas describe <schema>
gcloud pubsub schemas list-revisions <schema>
# Get list of snapshots
gcloud pubsub snapshots list
gcloud pubsub snapshots describe <snapshot>
```
However, you may have better results [**asking for a larger set of data**](https://cloud.google.com/pubsub/docs/replay-overview), including older messages. This has some prerequisites and could impact applications, so make sure you really know what you're doing.
### Privilege Escalation & Post Exploitation
{% content-ref url="../gcp-post-exploitation/gcp-pub-sub-post-exploitation.md" %}
[gcp-pub-sub-post-exploitation.md](../gcp-post-exploitation/gcp-pub-sub-post-exploitation.md)
{% endcontent-ref %}
## Pub/Sub Lite
[**Pub/Sub Lite**](https://cloud.google.com/pubsub/docs/choosing-pubsub-or-lite) is a messaging service with **zonal storage**. Pub/Sub Lite **costs a fraction** of Pub/Sub and is meant for **high volume streaming** (up to 10 million messages per second) pipelines and event-driven system where low cost is the primary consideration.
In PubSub Lite there **are** **topics** and **subscriptions**, there **aren't snapshots** and **schemas** and there are:
* **Reservations**: Pub/Sub Lite Reservations is a feature that allows users to reserve capacity in a specific region for their message streams.
* **Operations**: Refers to the actions and tasks involved in managing and administering Pub/Sub Lite.
### Enumeration
```bash
# lite-topics
gcloud pubsub lite-topics list
gcloud pubsub lite-topics describe <topic>
gcloud pubsub lite-topics list-subscriptions <topic>
# lite-subscriptions
gcloud pubsub lite-subscriptions list
gcloud pubsub lite-subscriptions describe <subscription>
# lite-reservations
gcloud pubsub lite-reservations list
gcloud pubsub lite-reservations describe <topic>
gcloud pubsub lite-reservations list-topics <topic>
# lite-operations
gcloud pubsub lite-operations list
gcloud pubsub lite-operations describe <topic>
```
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
Reference in New Issue View Git Blame Copy Permalink