本文主要介绍谷歌云对象存储攻防的方式
1、存储桶配置错误-公开访问
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109552-774695-1.png)
当创建的存储桶配置了allUsers拥有GCS对象的读取权限时,该存储桶可以被任何用户公开访问
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109567-850536-2.png)
2、Bucket爆破
当不存在时访问会提示NoSuchBucket
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109574-141830-3.png)
当存在时会出在下面情况,公开访问和拒绝访问
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109579-10173-4.png)
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109605-185553-5.png)
3、Bucket Object 遍历
当对allUsers配置了Storage Object Viewer 或者Storage Legacy Bucket Reader权限时就会将存储桶内容遍历出来并且可以读文件内容
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109666-132764-7.png)
4、任意文件上传和覆盖
当存储桶配置了allUsers拥有 Storage Legacy Bucket Owner、Storage Object Admin或者Storage Legacy Bucket Writer 权限时,任何用户都可以上传任意文件到存储桶并覆盖已经存在的文件
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109677-204456-8.png)
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109680-177733-9.png)
5、SERVICE ACCOUNT泄漏
- Github代码中泄露
- 网站JS代码
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109739-373077-10.png)
6、Bucket IAM 策略可写
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109753-435373-11.png)
访问权限控制为统一时,对象访问权限完全由存储桶级权限 (IAM) 进行控制
直接访问存储桶发现AccessDenied
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109759-958336-12.png)
查看Bucket IAM策略
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109774-813560-13.png)
上图标识部分表示所有的谷歌认证用户都有权有权获取和设置任意 IAM 策略,通过gsutil去修改IAM策略
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109781-474342-14.png)
再次去访问存储桶
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109786-799767-15.png)
7、Object ACL可写
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109798-150181-16.png)
访问存储桶对象时提示AccessDenied
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646109805-208730-17.png)
当访问权限控制为精细控制时,查看Object ACL,发现所有谷歌认证用户都能修改Object ACL
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646110042-7324-18.png)
gsutil acl ch -u allUsers:R gs://new2_test/1.txt
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646110049-171277-19.png)
修改ACL后任何用户都可以访问
![](https://huoxian-community.oss-cn-beijing.aliyuncs.com/2022-03-01/1646110056-459678-21.png)
六大云存储攻击文章:
阿里云 OSS对象存储攻防(UzJu):https://zone.huoxian.cn/d/918-oss
Aws S3 对象存储攻防(TeamsSix):https://zone.huoxian.cn/d/907-aws-s3