by Rotten194
2133 days ago
GCE uses this tool to allow a central metadata server to manage users: https://github.com/GoogleCloudPlatform/guest-agent#account-m... The host VM had this running. Since they had access to the host's network (due to running in a `--network=host` container), they were able to spoof the response from the metadata server to say a new user should be added to `.authorized_keys`, with their supplied public key. The guest agent automatically adds the new users to the `sudoers` group, also giving them sudo access.
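
A detection-side sketch for the outcome described in the comment above (an added example, not part of the comment and not guest-agent code): it flags accounts that are in the sudo-granting group and hold SSH keys but are not on an expected-admin list. The group name `sudoers` follows the comment's wording; the sample group file, key data, user names and allowlist are constructed assumptions.

```python
# Added example: audit for unexpected privileged SSH accounts.
GROUP_FILE = """\
root:x:0:
sudoers:x:1001:alice,deploy,wj2k
docker:x:998:alice
"""  # constructed sample in /etc/group format

# Constructed sample: user -> lines of that user's authorized_keys file
AUTHORIZED_KEYS = {
    "alice": ["ssh-ed25519 AAAAC3...constructed alice@laptop"],
    "deploy": [],
    "wj2k": ["# comment", "ssh-rsa AAAAB3...constructed unknown"],
}

EXPECTED_ADMINS = {"alice", "deploy"}  # assumption: a maintained allowlist


def group_members(group_text, group_name):
    """Return the member set of group_name from /etc/group-format text."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group_name:
            return {m for m in fields[3].split(",") if m}
    return set()


def active_keys(lines):
    """Keep real key entries; skip blank lines and comments."""
    stripped = (line.strip() for line in lines)
    return [s for s in stripped if s and not s.startswith("#")]


def unexpected_admins(group_text, keys_by_user, expected, group_name="sudoers"):
    """Users in the sudo-granting group with SSH keys who are not allowlisted."""
    findings = []
    for user in sorted(group_members(group_text, group_name) - set(expected)):
        keys = active_keys(keys_by_user.get(user, []))
        if keys:
            findings.append((user, len(keys)))
    return findings


if __name__ == "__main__":
    for user, n in unexpected_admins(GROUP_FILE, AUTHORIZED_KEYS, EXPECTED_ADMINS):
        print(f"unexpected admin with SSH access: {user} ({n} key(s))")
```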