Try Hack me — Advent Of Cyber 2023 Day 21 Write Up — Yule be Poisoned: A Pipeline of Insecure Code!
2024-1-14 19:24:2 Author: infosecwriteups.com(查看原文) 阅读量:14 收藏

Leendert Coenen

InfoSec Write-ups

Room: Advent of Cyber 2023 Day 21

Try Hack me — Advent Of Cyber 2023 Day 21 Write Up — Yule be Poisoned: A Pipeline of Insecure Code!

CI/CD PPE, Continuous Integration, Continuous Deployment, Poisoned Pipeline Execution.

Continuing the story from the past 2 days.

After all, the automation in gift-giving, wrapping, and crafting is the reason why BestFestivalCompany bought Antarcticraft.

The printscreens can be a bit different layout wise. Because I couldn’t get GIT to work on my attackbox on the first try. Due to some credential issues, like missing E-mail address.

What needed to be done was the following command:

git config --global user.email "<>"
# <> Means empty
git config --global user.name "Something"
Git user config

There are also different IP’s, because the machines kept going down. I suppose due to rush hour.

Task 1: What Linux kernel version is the Jenkins node?

We find 2 repositories in the Git system of AntarctiCrafts.

The two repositories
Homepage Git system Antarcticraft

Let’s clone the gift-wrapper repo to our machine.

Cloning gift-wrapper repo

With Nano we can see the pipeline and change the “steps” to “whoami”

nano Jenkinsfile
Adding the Jenkins file to the Git repo

Adding the files to the repo.

commit failure

Unfortunatly we are restricted from pushing code to this repo. So let’s inspect the pipeline code!

Cloning gift-wrapper-pipeline repo

Here we find a file “Makefile”, that can execute commands during the build.

Let’s execute the command uname, to find out which Linux kernel version the Jenkins node is running on.

Changing MakeFile

Push the pipeline to the repo.

Push the pipeline to the repo

One thing I like to add here, is that I always created a new file in the repo. Just changing the Makefile did not give me any changes to commit for some reason.

Check the console output of the new pipeline build.

Console output pipeline
Answer to Task 1

And there we have it! The command was executed during the build.

Task 2: What value is found from /var/lib/jenkins/secret.key?

For task 2 we are doing the same thing, but with a different command!

Nano Makefile a 2nd time

And there is the answer to Task 2!

Happy Hacking!

💡 If you want to stay updated with what I’m working on. Follow me and Subscribe! 🔔

Medium LinkedInTwitter Substack


文章来源: https://infosecwriteups.com/try-hack-me-advent-of-cyber-2023-day-21-write-up-yule-be-poisoned-a-pipeline-of-insecure-code-bb8e1ecbf2cb?source=rss----7b722bfd1b8d---4
如有侵权请联系:admin#unsafe.sh