hacktricks-cloud/src/pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-iam-post-exploitation.md
carlospolop 6cd2d68471 gcp
2025-11-22 19:35:20 +01:00

GCP - IAM Post Exploitation

{{#include ../../../banners/hacktricks-training.md}}

IAM

You can find further information about IAM in:

{{#ref}} ../gcp-services/gcp-iam-and-org-policies-enum.md {{#endref}}

Granting access to management console

Access to the GCP management console is provided to user accounts, not service accounts. To log in to the web interface, you can grant access to a Google account that you control. This can be a generic "@gmail.com" account; it does not have to be a member of the target organization.

To grant the primitive role of Owner to a generic "@gmail.com" account, however, you'll need to use the web console: gcloud will error out if you try to grant it a permission above Editor.

You can use the following command to grant a user the primitive role of Editor on your existing project:

Grant Editor role to user

```bash
gcloud projects add-iam-policy-binding [PROJECT] --member user:[EMAIL] --role roles/editor
```

If you succeeded here, try accessing the web interface and exploring from there.

This is the highest level you can assign using the gcloud tool.
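From the defender's side, a binding like the one above shows up in the project's IAM policy. The following added example (not part of the original page) parses the JSON produced by `gcloud projects get-iam-policy [PROJECT] --format=json` and reports user or group principals outside an allowed domain list that hold Owner or Editor. The sample policy, the `corp.example` domain and the function name are constructed for illustration.

```python
import json

# Basic (primitive) roles discussed on this page.
BASIC_ROLES = {"roles/owner", "roles/editor"}

# Constructed sample in the shape returned by get-iam-policy (not real data).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/editor",
     "members": ["user:dev@corp.example", "user:someone@gmail.com",
                 "serviceAccount:build@demo-project.iam.gserviceaccount.com"]},
    {"role": "roles/owner",
     "members": ["user:admin@corp.example",
                 "deleted:user:old@gmail.com?uid=123456789"]},
    {"role": "roles/viewer", "members": ["user:auditor@gmail.com"]}
  ],
  "etag": "CONSTRUCTED=",
  "version": 1
}
""")


def external_basic_role_bindings(policy, allowed_domains):
    """Return sorted (role, member) pairs where a user or group principal
    whose e-mail domain is not in allowed_domains holds a basic role."""
    allowed = {d.lower() for d in allowed_domains}
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in BASIC_ROLES:
            continue
        for member in binding.get("members", []):
            kind, _, ident = member.partition(":")
            # Skip service accounts, domains and soft-deleted principals
            # ("deleted:user:...?uid=..."); only live humans and groups count.
            if kind not in ("user", "group"):
                continue
            domain = ident.rpartition("@")[2].lower()
            if domain not in allowed:
                findings.append((role, member))
    return sorted(findings)


if __name__ == "__main__":
    for role, member in external_basic_role_bindings(SAMPLE_POLICY, ["corp.example"]):
        print(f"external principal with basic role: {member} -> {role}")
```

The organization policy constraint `constraints/iam.allowedPolicyMemberDomains` (domain restricted sharing) blocks bindings for principals outside the approved domains from being created in the first place.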
