AWS - CodeBuild Upatikanaji Bila Uthibitisho

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

• Angalia the subscription plans!
• Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
• Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.

CodeBuild

Kwa habari zaidi angalia ukurasa huu:

AWS - Codebuild Enum

buildspec.yml

Ikiwa utapata upatikanaji wa kuandika kwenye repository inayojumuisha faili iitwayo buildspec.yml, unaweza backdoor faili hii, ambayo inaelezea commands that are going to be executed ndani ya mradi wa CodeBuild na exfiltrate the secrets, compromise kile kinachofanywa na pia compromise the CodeBuild IAM role credentials.

Kumbuka kwamba hata kama hakuna faili buildspec.yml, lakini unajua Codebuild inatumiwa (au CI/CD tofauti), modifying some legit code ambayo itatekelezwa pia inaweza kukupatia reverse shell kwa mfano.

Kwa taarifa zinazohusiana unaweza angalia ukurasa kuhusu jinsi ya kushambulia Github Actions (sawa na hili):

Abusing Github Actions

Self-hosted GitHub Actions runners in AWS CodeBuild

Kama indicated in the docs, inawezekana kusanidi CodeBuild ili kuendesha self-hosted Github actions wakati workflow inapotekelezwa ndani ya Github repo iliyosanidiwa. Hii inaweza kutambuliwa kwa kukagua configuration ya mradi wa CodeBuild kwa sababu Event type inahitaji kuwa na: WORKFLOW_JOB_QUEUED na katika Github Workflow kwa sababu itachagua self-hosted runner kama ifuatavyo:

runs-on: codebuild-<project-name>-${{ github.run_id }}-${{ github.run_attempt }}

Uhusiano mpya huu kati ya Github Actions na AWS unaunda njia nyingine ya compromise AWS kutoka Github, kwani code katika Github itaendeshwa katika CodeBuild project yenye IAM role imeambatishwa.

Tip

Jifunze na ufanye mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Saidia HackTricks

• Angalia the subscription plans!
• Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
• Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.