From 8cdd0b7dc1fa3fd4dc3f8db6c96d0f7e4e611e9b Mon Sep 17 00:00:00 2001
From: CPol <carlospolop@gmail.com>
Date: Sat, 9 Mar 2024 15:08:21 +0000
Subject: [PATCH] GITBOOK-596: change request with no subject merged in GitBook

---
 .../gcp-security/gcp-persistence/gcp-non-svc-persistance.md     | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pentesting-cloud/gcp-security/gcp-persistence/gcp-non-svc-persistance.md b/pentesting-cloud/gcp-security/gcp-persistence/gcp-non-svc-persistance.md
index 173aa332de..237521654c 100644
--- a/pentesting-cloud/gcp-security/gcp-persistence/gcp-non-svc-persistance.md
+++ b/pentesting-cloud/gcp-security/gcp-persistence/gcp-non-svc-persistance.md
@@ -40,6 +40,8 @@ sqlite3 ./.config/gcloud/credentials.db "select value from credentials where acc
 ```
 {% endcode %}
 
+It's also possible to find refresh tokens in **`$HOME/.config/gcloud/application_default_credentials.json`** and in **`$HOME/.config/gcloud/legacy_credentials/*/adc.json`**.
+
 To get a new refreshed access token with the **refresh token**, client ID, and client secret run:
 
 {% code overflow="wrap" %}