AWS - Codepipeline Privesc

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Angalia the subscription plans!

Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.

Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.

codepipeline

Kwa maelezo zaidi kuhusu codepipeline angalia:

AWS - DataPipeline, CodePipeline & CodeCommit Enum

`iam:PassRole`, `codepipeline:CreatePipeline`, `codebuild:CreateProject, codepipeline:StartPipelineExecution`

Unapotengeneza code pipeline unaweza kubainisha codepipeline IAM Role to run, kwa hivyo unaweza kuzipata.

Mbali na ruhusa zilizotajwa hapo juu utahitaji ufikiaji kwenye mahali ambapo code imehifadhiwa (S3, ECR, github, bitbucket…)

Nilijaribu hili nikiwa kwenye ukurasa wa wavuti; ruhusa zilizotajwa hapo juu si zile za List/Get zinazohitajika kuunda codepipeline, lakini kwa kuunda kupitia wavuti pia utahitaji: codebuild:ListCuratedEnvironmentImages, codebuild:ListProjects, codebuild:ListRepositories, codecommit:ListRepositories, events:PutTargets, codepipeline:ListPipelines, events:PutRule, codepipeline:ListActionTypes, cloudtrail:<several>

Wakati wa kuunda build project unaweza kubainisha command to run (rev shell?) na kuendesha build phase kama privileged user, hiyo ndiyo configuration mshambuliaji anahitaji kuzipata:

?`codebuild:UpdateProject, codepipeline:UpdatePipeline, codepipeline:StartPipelineExecution`

Inaweza kuwa inawezekana kubadilisha role inayotumika na command inayotekelezwa kwenye codepipeline ukitumia ruhusa zilizotajwa hapo juu.

`codepipeline:pollforjobs`

AWS mentions:

Wakati API hii inapoitwa, CodePipeline hurejesha temporary credentials for the S3 bucket inayotumika kuhifadhi artifacts za pipeline, ikiwa action inahitaji ufikiaji wa S3 bucket hiyo kwa input au output artifacts. API hii pia hurejesha any secret values defined for the action.

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

Angalia the subscription plans!

Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.

Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.

HackTricks Cloud

AWS - Codepipeline Privesc

codepipeline

iam:PassRole, codepipeline:CreatePipeline, codebuild:CreateProject, codepipeline:StartPipelineExecution

?codebuild:UpdateProject, codepipeline:UpdatePipeline, codepipeline:StartPipelineExecution

codepipeline:pollforjobs

`iam:PassRole`, `codepipeline:CreatePipeline`, `codebuild:CreateProject, codepipeline:StartPipelineExecution`

?`codebuild:UpdateProject, codepipeline:UpdatePipeline, codepipeline:StartPipelineExecution`

`codepipeline:pollforjobs`