Intermediate Lab | Red Team | GCP

Infiltrate GCP via WebApp Exploitation

Get hands-on with web exploitation to compromise the application, the underlying host and the cloud environment.

Overview

This intermediate-level lab involves getting hands-on with web exploitation to compromise the application, the underlying host and the cloud environment. You'll infiltrate the GCP environment, gain situational awareness and abuse dangerous permissions, learning new tricks along the way!

Scenario

Our team has landed a new engagement. The client, a global retailer, has provided us with a list of IP addresses mapped to their deployed prod and dev applications. These applications are currently accessible from any of their 2000 store locations. In scope are the application and any other resources and environments owned by the client that you are able to access.

Lab prerequisites
  • Familiarity with web exploitation
  • Familiarity with Google Cloud
Learning outcomes
  • Leverage SQL injection to gain command execution
  • Identify service account credentials in instance metadata
  • Identify dangerous GCP permissions
  • Gain situational awareness using Cloud Asset Inventory
  • Create HMAC keys to move laterally
  • Leverage predictable GCP bucket naming conventions
Real-world context

Web applications are commonly deployed in the cloud, using a variety of resource types. Any vulnerabilities that might be present could allow us to compromise the web application, the underlying resources and potentially the wider cloud environment. The scenario also showcases a dangerous GCP permission that can be used for lateral movement, as well as how an insecure GCP design decision can be leveraged.