Intermediate Lab | Red Team | GCP

Escalate GCP privileges with Implicit Delegation

Escalate your privileges by leveraging both the implicitDelegation privilege and the Service Account Token Creator role, and then enumerate and learn about GCP Cloud Functions!

Scenario

A GCP service account key has been found leaked on Pastebin after some time... and the client has asked for our help to identify the blast radius and potential impact of the compromised account. Your objective is to see if you can escalate privileges from this service account and access sensitive data.

Lab prerequisites
  • Proficiency in basic Linux command-line operations
  • Familiarity with GCP IAM concepts
Learning outcomes
  • Enumerate IAM permissions in GCP
  • Move laterally by abusing the implicitDelegation permission
  • Leverage the Service Account Token Creator role to escalate privileges
  • Explore Google Cloud Functions and their associated storage
Real-world context

Implicit delegation and token creation privileges in Google Cloud Platform (GCP) allow applications to act on behalf of other service accounts without explicit consent for every action. However, if not carefully managed, they can pose a security threat. Unauthorized access to service accounts or credentials holding implicit delegation privileges could lead to data breaches, resource tampering, or privilege escalation. Organizations must restrict and monitor these privileges closely to mitigate the risk effectively.
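The blast-radius question in the scenario comes down to reading each service account's IAM policy and following the impersonation bindings. The script below is an added example, not part of the lab or Pwned Labs material: it takes per-account policy JSON in the shape that `gcloud iam service-accounts get-iam-policy <sa> --format=json` returns (sample data is constructed, with fictional project and account names), builds a graph of which members can obtain credentials for which service accounts, and walks it from a given principal. Treating roles/iam.serviceAccountUser as impersonation-capable alongside Token Creator is an assumption made here for audit purposes.

```python
from collections import deque

# Roles on a service account's IAM policy that let a member obtain credentials for it.
# roles/iam.serviceAccountTokenCreator bundles iam.serviceAccounts.getAccessToken and
# iam.serviceAccounts.implicitDelegation; roles/iam.serviceAccountUser grants actAs
# (assumed here to count, since it lets a member run workloads as the account).
IMPERSONATION_ROLES = {
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.serviceAccountUser",
}

def build_impersonation_graph(policies):
    """policies: {sa_email: policy_json} fetched per service account.
    Returns {member: {sa_member, ...}}, one edge per impersonation-capable binding."""
    graph = {}
    for sa_email, policy in policies.items():
        for binding in policy.get("bindings", []):
            if binding.get("role") not in IMPERSONATION_ROLES:
                continue
            for member in binding.get("members", []):
                graph.setdefault(member, set()).add(f"serviceAccount:{sa_email}")
    return graph

def blast_radius(graph, start):
    """Breadth-first walk: every service account reachable from `start` by chaining
    impersonation, mapped to the shortest chain that reaches it."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for target in sorted(graph.get(current, ())):
            if target not in paths:
                paths[target] = paths[current] + [target]
                queue.append(target)
    del paths[start]
    return paths

# Constructed sample policies (fictional project and account names).
SAMPLE_POLICIES = {
    "app-sa@example-proj.iam.gserviceaccount.com": {"bindings": [
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": ["serviceAccount:leaked-sa@example-proj.iam.gserviceaccount.com"]}]},
    "admin-sa@example-proj.iam.gserviceaccount.com": {"bindings": [
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": ["serviceAccount:app-sa@example-proj.iam.gserviceaccount.com"]},
        {"role": "roles/viewer", "members": ["user:alice@example.com"]}]},
    "unrelated-sa@example-proj.iam.gserviceaccount.com": {"bindings": [
        {"role": "roles/iam.serviceAccountUser", "members": ["user:alice@example.com"]}]},
}

if __name__ == "__main__":
    graph = build_impersonation_graph(SAMPLE_POLICIES)
    leaked = "serviceAccount:leaked-sa@example-proj.iam.gserviceaccount.com"
    for sa, path in blast_radius(graph, leaked).items():
        print(f"{sa}\n    via: " + " -> ".join(path))
```

Conditional bindings (a `condition` key on the binding) are not evaluated here and should be reviewed by hand, since a condition may narrow or time-limit the impersonation right.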

