GCPGoat(ine) GCP CTF solution Module 1 - Path 1 (abusing storage bucket permissions, privesc to role/owner)

n00🔑
7 min read · Dec 30, 2022

Hi readers, here we will be solving GCPGoat Module 1 (Path 1).

We will be going through the first path in this walk-through as shown in the diagram below.

Video Walk-through:

https://www.youtube.com/watch?v=cM46_c-zxh4

Solving Challenge-

  1. Finding storage buckets used by the web app-

a. In the previous path (https://www.youtube.com/watch?v=dtLg4Z8bHNk&t=498s), we found a GCP storage bucket in the "save image from URL" functionality-

https://storage.googleapis.com/function-bucket-747e0118981a6000/images/20221230150416627191.png

Bucket Name: function-bucket-747e0118981a6000

b. Upon checking Burp's target sitemap, we found one more storage bucket-
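
As an added example (not from the original write-up), the bucket-discovery step above can be scripted: this sketch pulls Cloud Storage bucket names out of URLs in text such as a proxy sitemap export. It goes beyond the single path-style URL shown here by also handling virtual-hosted-style, JSON API and `gs://` forms. The `example-assets-bucket` name and the sample lines are constructed, and the bucket-name pattern is a simplified assumption.

```python
import re
from urllib.parse import urlsplit, unquote

# Hosts that serve objects in path style: /<bucket>/<object>
PATH_STYLE_HOSTS = {"storage.googleapis.com", "storage.cloud.google.com"}
VHOST_SUFFIX = ".storage.googleapis.com"  # <bucket>.storage.googleapis.com
# JSON API paths: /storage/v1/b/<bucket>/o/<object>, optionally under /download or /upload
JSON_API = re.compile(r"^/(?:(?:download|upload)/)?storage/v1/b/([^/]+)")
# Simplified bucket-name check (assumption): lowercase letters, digits, '.', '_', '-'
BUCKET_NAME = re.compile(r"^[a-z0-9][a-z0-9._-]{1,220}[a-z0-9]$")
URL_RE = re.compile(r"(?:https?|gs)://[^\s\"'<>]+")

def bucket_from_url(url):
    """Return the bucket a Cloud Storage URL refers to, or None if it is not one."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = unquote(parts.path)
    if parts.scheme == "gs":
        candidate = host
    elif host in PATH_STYLE_HOSTS:
        m = JSON_API.match(path)
        candidate = m.group(1) if m else path.lstrip("/").split("/", 1)[0]
    elif host.endswith(VHOST_SUFFIX):
        candidate = host[: -len(VHOST_SUFFIX)]
    else:
        return None
    return candidate if BUCKET_NAME.match(candidate) else None

def buckets_in_text(text):
    """Map every bucket referenced in free text to the URLs that mention it."""
    found = {}
    for url in URL_RE.findall(text):
        bucket = bucket_from_url(url)
        if bucket:
            found.setdefault(bucket, []).append(url)
    return found

# Constructed sample: the first URL is the one from this write-up, the rest are made up.
SAMPLE = """
GET https://storage.googleapis.com/function-bucket-747e0118981a6000/images/20221230150416627191.png
GET https://example-assets-bucket.storage.googleapis.com/css/site.css
GET https://storage.googleapis.com/storage/v1/b/example-assets-bucket/o/logo.png?alt=media
GET https://www.example.com/index.html
"""

if __name__ == "__main__":
    for name, urls in sorted(buckets_in_text(SAMPLE).items()):
        print(f"{name}: {len(urls)} reference(s)")
```

Every bucket this surfaces for your own application is worth an IAM review, since each one is reachable from client-visible traffic.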
