Skip to content

Commit

Permalink
GITBOOK-658: No subject
Browse files Browse the repository at this point in the history
  • Loading branch information
@carlospolop @gitbook-bot
carlospolop authored and gitbook-bot committed Aug 20, 2024
1 parent dcdced1 commit 0f6a0c2
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions ...sting-cloud/gcp-security/gcp-privilege-escalation/gcp-cloudfunctions-privesc.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,12 +66,14 @@ gcloud functions deploy <cloudfunction-name> \
--trigger-http \
--allow-unauthenticated

# If you don't have permissions to change the IAM policy, the "--allow-unauthenticated" will just fail and do nothing

# Get SA token calling the new function code
gcloud functions call <cloudfunction-name>
```

{% hint style="danger" %}
If you get the error `Permission 'run.services.setIamPolicy' denied on resource...` is because you are using the `--allow-unauthenticated` param and you don't have enough permissions for it.
{% endhint %}

The exploit script for this method can be found [here](https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation/blob/master/ExploitScripts/cloudfunctions.functions.update.py).

### `cloudfunctions.functions.sourceCodeSet`
Expand Down

0 comments on commit 0f6a0c2

Please sign in to comment.