GITBOOK-614: No subject

pentesting-cloud/gcp-security/gcp-privilege-escalation/gcp-storage-privesc.md

@@ -51,6 +51,7 @@ gsutil hmac create <sa-email>
 
 # Configure gsutil to use it
 gsutil config -a
+gcloud config set pass_credentials_to_gsutil false
 
 # Use it
 gsutil ls gs://[BUCKET_NAME]

pentesting-cloud/gcp-security/gcp-services/gcp-storage-enum.md

@@ -52,7 +52,7 @@ By default objects are **encrypted using Google managed keys**, but you could al
 
 ### Public Access
 
-It's possible to give **external users** (logged in GCP or not) **access to buckets content**. \
+It's possible to give **external users** (logged in GCP or not) **access to buckets content**.\
 By default, when a bucket is created, it will have **disabled the option to expose publicly** the bucket, but with enough permissions the can be changed.
 
 The **format of an URL** to access a bucket is **`https://storage.googleapis.com/<bucket-name>` or `https://<bucket_name>.storage.googleapis.com`** (both are valid).
@@ -101,6 +101,10 @@ curl -H "Authorization: Bearer $TOKEN" "https://storage.googleapis.com/storage/v
 
 # Enumerate HMAC keys
 gsutil hmac list
+
+# Get permissions
+gcloud storage buckets get-iam-policy gs://bucket-name/
+gcloud storage objects get-iam-policy gs://bucket-name/folder/object
 ```
 
 If you get a permission denied error listing buckets you may still have access to the content. So, now that you know about the name convention of the buckets you can generate a list of possible names and try to access them: