gcploit

These are tools we released with our 2020 defcon/blackhat talk https://www.youtube.com/watch?v=Ml09R38jpok

Results 11 gcploit issues

Bumps [mitmproxy](https://github.com/mitmproxy/mitmproxy) from 5.1.1 to 8.0.0. Release notes Sourced from mitmproxy's releases. v8.0.0 Check out our release announcement blog post! 🎉 You can find the latest release packages at https://mitmproxy.org/downloads/....

dependencies

Currently, the bfs.py has 18 elements inside the dangerous_permissions list; sending 18 permissions at once to the analyzeIamPolicy causes an INVALID_ARGUMENT status. In order to troubleshoot the error, I modified...

More just leaving this here for historical purposes, as it has a dependency on the Compute PR. This PR takes advantage of the `worker_harness_container_image` parameter for Dataflow, assuming that a...

This PR supports lateral movement for users with Service Account User + Compute User. The tactic here is to mount compute instances with startup scripts that recurrently pull from the...

I ran into an API limitation, where one could only send 10 permissions at a time (by default, at least), leading to the following error message: `{"error": {"code": 400, "message":...

Hello, it says in the readme: `Now if you run gcloud --list if all went well you should see a bunch of new service accounts you took control of through...

I think a guide of how to use the `dataproc` exploit might be a great addition. In the defcon talk, the dataproc exploit is started by using an already captured...

Function deployments require the cloud build api to be enabled. If possible, part of the steps in actas should be to make sure the api is enabled. Additionally with Dataproc,...

- Fix the 400 error when using cloudasset `v1p4beta1` api

I got 404 for the following request following readme step `python bfs.py --org_id --source ` (line 59 in bfs.py)
```
res = requests.post("https://cloudasset.googleapis.com/v1p4beta1/organizations/{}:analyzeIamPolicy".format(org), headers=headers, json=JSON_REQUEST)
```
I get 400 if...