Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
For information about App Engine check:
{% content-ref url="../gcp-services/gcp-app-engine-enum.md" %} gcp-app-engine-enum.md {% endcontent-ref %}
appengine.memcache.addKey
| appengine.memcache.list
| appengine.memcache.getKey
| appengine.memcache.flush
With these permissions it's possible to:
- Add a key
- List keys
- Get a key
- Delete
{% hint style="danger" %} However, I couldn't find any way to access this information from the cli, only from the web console where you need to know the Key type and the Key name, of from the app engine running app.
If you know easier ways to use these permissions send a Pull Request! {% endhint %}
With this permission it's possible to see the logs of the App:
gcloud app logs tail -s <name>
The source code of all the versions and services are stored in the bucket with the name staging.<proj-id>.appspot.com
. If you have write access over it you can read the source code and search for vulnerabilities and sensitive information.
Modify source code to steal credentials if they are being sent or perform a defacement web attack.
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.