DO - Apps


Basic Information

From the docs: App Platform is a Platform-as-a-Service (PaaS) offering that allows developers to publish code directly to DigitalOcean servers without worrying about the underlying infrastructure.

You can run code directly from github, gitlab, docker hub, DO container registry (or a sample app).

When defining an env var you can set it as encrypted. The only way to retrieve its value is to execute commands inside the host running the app.

An App URL looks like this: https://dolphin-app-2tofz.ondigitalocean.app

Enumeration

```bash
doctl apps list # You should get URLs here
doctl apps spec get <app-id> # Get yaml (including env vars, might be encrypted)
doctl apps logs <app-id> # Get HTTP logs
doctl apps list-alerts <app-id> # Get alerts
doctl apps list-regions # Get available regions and the default one
```

caution

Apps doesn't have a metadata endpoint

RCE & Encrypted env vars

To execute code directly in the container running the App you will need access to the console and go to https://cloud.digitalocean.com/apps/<app-id>/console/<app-name>.

That will give you a shell, and just by executing env you will be able to see all the env vars (including the ones defined as encrypted).
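For reviewing your own apps, the following added example (not part of the original page or of doctl) classifies every env var in an app spec by how exposed it is to anyone who can read the spec, covering both the `doctl apps spec get` output and the encrypted env vars discussed above. It assumes the spec has been converted to JSON, that encrypted values appear as an `EV[...]` envelope, and that `${...}` values are references to another component; the key-name heuristic and the sample spec are constructed.

```python
import json
import re

# Spec sections that can carry their own "envs" list besides the app level.
COMPONENT_KINDS = ("services", "workers", "jobs", "static_sites", "functions")
# Assumption: an encrypted value is rendered in the spec as an "EV[...]" envelope.
ENCRYPTED = re.compile(r"^EV\[.+\]$")
# Assumption: "${component.VAR}" is a reference to another component's variable.
REFERENCE = re.compile(r"^\$\{.+\}$")
# Heuristic (assumption): key names that usually hold credentials.
SENSITIVE = re.compile(r"SECRET|TOKEN|PASSW|API_?KEY|PRIVATE|CREDENTIAL", re.I)

def iter_envs(spec):
    """Yield (owner, env) for app-level and per-component env vars."""
    for env in spec.get("envs") or []:
        yield "app", env
    for kind in COMPONENT_KINDS:
        for comp in spec.get(kind) or []:
            for env in comp.get("envs") or []:
                yield f"{kind}/{comp.get('name', '?')}", env

def audit_spec(spec):
    """Classify every env var by how it is exposed to readers of the spec."""
    findings = []
    for owner, env in iter_envs(spec):
        key, value = env.get("key", ""), str(env.get("value", ""))
        if ENCRYPTED.match(value):
            status = "encrypted"  # hidden in the spec, still visible to `env` in the container
        elif REFERENCE.match(value):
            status = "reference"
        elif SENSITIVE.search(key):
            status = "plaintext-sensitive"  # readable by anyone who can fetch the spec
        else:
            status = "plaintext"
        findings.append((owner, key, status))
    return findings

# Constructed sample spec (not from a real app), in JSON form.
SAMPLE_SPEC = json.loads("""
{"name": "sample-app", "envs": [{"key": "LOG_LEVEL", "value": "info"}],
 "services": [{"name": "web", "envs": [
   {"key": "STRIPE_API_KEY", "value": "constructed-plaintext", "type": "GENERAL"},
   {"key": "SESSION_SECRET", "value": "EV[1:constructed:constructed]", "type": "SECRET"},
   {"key": "DATABASE_URL", "value": "${db.DATABASE_URL}"}]}],
 "workers": [{"name": "queue", "envs": [{"key": "SMTP_PASSWORD", "value": "constructed-pw"}]}]}
""")

if __name__ == "__main__":
    for owner, key, status in audit_spec(SAMPLE_SPEC):
        print(f"{status:20} {owner:16} {key}")
```

Entries reported as `plaintext-sensitive` are candidates for being marked encrypted; entries reported as `encrypted` are still readable by anyone with console access to the app, so access to the console needs the same review as access to the spec.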
