Google Buckets

Google Cloud Storage buckets are much like Amazon S3 buckets but are hosted by Google. These buckets are usually protected, but they are worth testing to make sure an attacker cannot anonymously view or manipulate the data they contain.

The bucket details are usually located in the same plist files as the Firebase config. Substitute the STORAGE_BUCKET value into either of the following URLs to check whether the bucket can be listed anonymously.

https://console.cloud.google.com/storage/browser/<BUCKET_NAME>/o;tab=objects?prefix=&forceOnObjectsSortingFiltering=false
https://www.googleapis.com/storage/v1/b/<BUCKET_NAME>/o/

If the bucket is set up correctly, the attacker will get the following response:

{
    "error": {
        "code": 401,
        "message": "Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.",
        "errors": [
            {
                "message": "Anonymous caller does not have storage.objects.list access to the Google Cloud Storage bucket.",
                "domain": "global",
                "reason": "required",
                "locationType": "header",
                "location": "Authorization"
            }
        ]
    }
}

If the bucket has this misconfiguration, you will instead see a listing of its objects, as in the response below:

{
  "kind": "storage#objects",
  "items": [
    {
      "kind": "storage#object",
      "id": "<BUCKET_NAME>/000a1d72-316c-4966-b1f0-232578fe18d6-executive-summary/1480372714305000",
      "selfLink": "https://www.googleapis.com/storage/v1/b/<BUCKET_NAME>/o/000a1d72-316c-4966-b1f0-232578fe18d6-executive-summary",
      "name": "000a1d72-316c-4966-b1f0-232578fe18d6-executive-summary",
      "bucket": "<BUCKET_NAME>",
      "generation": "1480372714305000",
      "metageneration": "1",
      "contentType": "application/pdf",
      "storageClass": "DURABLE_REDUCED_AVAILABILITY",
      "size": "5005843",
      "md5Hash": "7pqOAGvlnkEr2gfvVqvZKQ==",
      "mediaLink": "https://www.googleapis.com/download/storage/v1/b/<BUCKET_NAME>/o/000a1d72-316c-4966-b1f0-232578fe18d6-executive-summary?generation=1480372714305000&alt=media",
      "crc32c": "3wxk8w==",
      "etag": "COjrlY7CzNACEAE=",
      "timeCreated": "2016-11-28T22:38:34.290Z",
      "updated": "2016-11-28T22:38:34.290Z",
      "timeStorageClassUpdated": "2016-11-28T22:38:34.290Z"
    },
    {
      "kind": "storage#object",
      "id": "<BUCKET_NAME>/00462a01-e652-4781-8494-42c0379b3d44-comp-plan-progress-summary-april-2017/1493327003034000",
      "selfLink": "https://www.googleapis.com/storage/v1/b/<BUCKET_NAME>/o/00462a01-e652-4781-8494-42c0379b3d44-comp-plan-progress-summary-april-2017",
      "name": "00462a01-e652-4781-8494-42c0379b3d44-comp-plan-progress-summary-april-2017",
      "bucket": "<BUCKET_NAME>",
      "generation": "1493327003034000",
      "metageneration": "1",
      "contentType": "application/pdf",
      "storageClass": "DURABLE_REDUCED_AVAILABILITY",
      "size": "1787830",
      "md5Hash": "ogMtmQAYlusgzS/LlQvq1Q==",
      "mediaLink": "https://www.googleapis.com/download/storage/v1/b/<BUCKET_NAME>/o/00462a01-e652-4781-8494-42c0379b3d44-comp-plan-progress-summary-april-2017?generation=1493327003034000&alt=media",
      "crc32c": "i85dTw==",
      "etag": "CJDDsszExdMCEAE=",
      "timeCreated": "2017-04-27T21:03:23.021Z",
      "updated": "2017-04-27T21:03:23.021Z",
      "timeStorageClassUpdated": "2017-04-27T21:03:23.021Z"
    },
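The two responses above can be told apart mechanically, which is useful when auditing the buckets named in an app's own config files. The following is an added example, not code from the original page: it fetches the JSON API listing URL shown above without credentials and classifies the answer. The sample bodies are constructed to mirror the page's two responses; treating 403 as "protected" and 404 as "no-bucket" is an assumption, since the page only shows the 401 and 200 cases.

```python
import json
import urllib.error
import urllib.request

# Object-listing endpoint from the page, with <BUCKET_NAME> substituted in.
LISTING_URL = "https://www.googleapis.com/storage/v1/b/{bucket}/o/"

# Constructed samples mirroring the protected and misconfigured responses above.
SAMPLE_PROTECTED = json.dumps({"error": {"code": 401, "message":
    "Anonymous caller does not have storage.objects.list access to the "
    "Google Cloud Storage bucket."}})
SAMPLE_PUBLIC = json.dumps({"kind": "storage#objects", "items": [
    {"kind": "storage#object", "name": "executive-summary",
     "contentType": "application/pdf"}]})


def classify_listing(status, body):
    """Classify an anonymous listing response.

    Returns (verdict, object_names) where verdict is one of
    "public-listing", "protected", "no-bucket" or "unknown".
    """
    try:
        data = json.loads(body)
    except ValueError:
        return "unknown", []
    if status == 200 and data.get("kind") == "storage#objects":
        # The misconfiguration: an anonymous caller can enumerate objects.
        names = [obj.get("name", "") for obj in data.get("items", [])]
        return "public-listing", names
    code = data.get("error", {}).get("code", status)
    if code in (401, 403):      # 401 is the response shown on the page
        return "protected", []
    if code == 404:             # assumption: bucket does not exist
        return "no-bucket", []
    return "unknown", []


def audit_bucket(bucket):
    """Fetch the listing anonymously and classify it (network call)."""
    req = urllib.request.Request(LISTING_URL.format(bucket=bucket))
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_listing(resp.getcode(), resp.read().decode())
    except urllib.error.HTTPError as exc:
        return classify_listing(exc.code, exc.read().decode())
```

Run `audit_bucket` against the STORAGE_BUCKET value from the plist; anything other than "protected" for a bucket that is meant to be private needs its IAM bindings reviewed.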