Article by Chris Moberly.

Google Cloud CLI

Extracted from the GitLab blog post "Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments" by Chris Moberly

It is likely that the box you land on will have the GCP SDK tools installed and configured. A quick way to verify that things are set up is to run the following command:

gcloud config list

If properly configured, you should get some output detailing the current service account and project in use.

The gcloud command set is pretty extensive, supports tab completion, and has excellent online and built-in documentation. You can also install it locally on your own machine and use it with credential data that you obtain. Cloud APIs

The gcloud command is really just a way of automating Google Cloud API calls. However, you can also perform them manually. Understanding the API endpoints and functionality can be very helpful when you're operating with a very specific set of permissions, and trying to work out exactly what you can do.

You can see what the raw HTTP API call for any individual gcloud command is simply by appending --log-http to the command.