Dylan Ayrey
Dylan Ayrey
Just got around to testing. I was able to use the VM source, but when I go to actually use the SA for commands I'm getting this error when it...
I did provide the bucket name, and both the base identity and the target identity had project editor on the bucket, all of which lived in the same project I...
So here's the output of the command after pulling the latest: ``` gcploit --exploit actas --project bugbountyshinanigans-242522 --target_sa [email protected] --actAsMethod vm --bucket potatoy ************************************************* MAKE SURE YOU GIVE ALL USERS...
I have the correct service account activated: ``` gcloud auth list Credentialed Accounts ACTIVE ACCOUNT * editordeleteme@bugbountyshinanigans-242522.iam.gserviceaccount.com ``` and I confirmed I can write to the bucket: ``` gsutil cp...
Hey Dan! Very recently Google has been making a lot of changes as a result of the talk. One of them is around Dataproc. I haven't had time to actually...
Hmm that one looks like it's trying to create a dataproc cluster which shouldn't happen if you're just using actAs. If some of your SA's were obtained via dataproc exploit...
ahh that looks like a bug, I'll fix that later today probably. Thanks for looking testing it out!
I pushed a change I think fixes, but I didn't test. It'll take a bit for dockerhub to rebuild
DOckerhub is updated!
Okay I'll do a little more testing tonight and get it working.