hacktricks-cloud/pentesting-cloud/workspace-security/gws-workspace-sync-attacks-gcpw-gcds-gps-directory-sync-with-ad-and-entraid

GWS - Workspace Sync Attacks (GCPW, GCDS, GPS, Directory Sync with AD & EntraID)

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

GCPW - Google Credential Provider for Windows

This is the single sign-on that Google Workspaces provides so users can login in their Windows PCs using their Workspace credentials. Moreover, this will store tokens to access Google Workspace in some places in the PC: Disk, memory & the registry... it's even possible to obtain the clear text password.

{% hint style="success" %} Note that Winpeas is capable to detect GCPW, get information about the configuration and even tokens. {% endhint %}

Find more information about this in:

{% content-ref url="gcpw-google-credential-provider-for-windows.md" %} gcpw-google-credential-provider-for-windows.md {% endcontent-ref %}

GCSD - Google Cloud Directory Sync

This is a tool that can be used to sync your active directory users and groups to your Workspace (and not the other way around by the time of this writing).

It's interesting because it's a tool that will require the credentials of a Workspace superuser and privileged AD user. So, it might be possible to find it inside a domain server that would be synchronising users from time to time.

{% hint style="success" %} Note that Winpeas is capable to detect GCDS, get information about the configuration and even the passwords and encrypted credentials. {% endhint %}

Find more information about this in:

{% content-ref url="gcds-google-cloud-directory-sync.md" %} gcds-google-cloud-directory-sync.md {% endcontent-ref %}

GPS - Google Password Sync

This is the binary and service that Google offers in order to keep synchronized the passwords of the users between the AD and Workspace. Every-time a user changes his password in the AD, it's set to Google.

It gets installed in C:\Program Files\Google\Password Sync where you can find the binary PasswordSync.exe to configure it and password_sync_service.exe (the service that will continue running).

{% hint style="success" %} Note that Winpeas is capable to detect GPS, get information about the configuration and even the passwords and encrypted credentials. {% endhint %}

Find more information about this in:

{% content-ref url="gps-google-password-sync.md" %} gps-google-password-sync.md {% endcontent-ref %}

Admin Directory Sync

The main difference between this way to synchronize users with GCDS is that GCDS is done manually with some binaries you need to download and run while Admin Directory Sync is serverless managed by Google in https://admin.google.com/ac/sync/externaldirectories.

Find more information about this in:

{% content-ref url="gws-admin-directory-sync.md" %} gws-admin-directory-sync.md {% endcontent-ref %}

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}