[Day 14] Networking Dev(Insecure)Ops | Advent of Cyber 3 (2021)
Today we learn about DevOps and the risks it can introduce. In this task, the dev team uses a CI/CD server to automatically push out updates to the server, but the CI/CD server has been compromised.
CI: Continuous Integration is the process in which software source code is kept in a central repository (such as GitHub). All changes are stored in this central repository to avoid ending up with different versions of the same code.
CD: Continuous Delivery is the following (sometimes integral) step of the continuous integration model where code is automatically deployed to the test, pre-production, or production environments. CD is sometimes used as an acronym for “Continuous Deployment”.
Let’s break the automation.
# How many pages did the dirb scan find with its default wordlist?
# How many scripts do you see in the /home/thegrinch/scripts folder?
# What are the five characters following $6$G in pepper’s password hash?
Modified the loot.sh file, which will be executed by the cron jobs.
Open the link <ip>/shadow.txt, and make sure you typed the right path (/var/www/html/).
# What is the content of the flag.txt file on the Grinch’s user’s desktop?
The task above exposes several vulnerabilities and misconfigurations in the CI/CD flow. The following is a list of those logic flaws:
- Folder permissions that were too lax: The low privileged McSkidy user could write to the Grinch’s “loot” folder.
- File permissions were misconfigured: The low privileged McSkidy user could change the contents of the loot.sh script.
- Improper key protection: In this example, Grinch’s password can be seen as the secret key used to connect CI/CD components. If the key can be read from a configuration file, the attacker can reuse this key to their advantage.
- Installation was not secure: cronjobs were regularly running tasks without any controls for unauthorized changes. As you may have read in sector news, a similar lack of controls has led to the release of backdoored software.
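A defensive pre-flight check for the folder-permission, file-permission and unauthorized-change flaws above, as an added example that is not part of the original write-up or the room: before cron runs a script, confirm that neither the script nor its parent directories are writable by group or others, and that its content still matches a reviewed SHA-256 baseline. The function names and the optional STOP argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a script that cron runs as a privileged user.

# canon PATH: absolute, symlink-free form of an existing file or directory.
canon() (
    if [ -d "$1" ]; then
        cd "$1" && pwd -P
    else
        cd "$(dirname "$1")" || exit 2
        d=$(pwd -P)
        printf '%s/%s\n' "${d%/}" "$(basename "$1")"
    fi
)

# writable_by_others SCRIPT [STOP]
# Prints the script and every parent directory up to STOP (default /) that
# group or others can write to. A writable parent lets another user replace
# the script even when the file itself is locked down.
writable_by_others() (
    p=$(canon "$1") || exit 2
    stop=$(canon "${2:-/}") || exit 2
    while :; do
        # -prune makes find test only $p itself instead of descending into it.
        find "$p" -prune \( -perm -0020 -o -perm -0002 \) -print
        if [ "$p" = "$stop" ] || [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
)

# safe_to_run SCRIPT SHA256 [STOP]
# Returns 0 only if permissions are tight and the content matches the baseline.
safe_to_run() (
    loose=$(writable_by_others "$1" "${3:-/}") || exit 2
    if [ -n "$loose" ]; then
        echo "refusing $1: writable by group/others:" >&2
        echo "$loose" >&2
        exit 1
    fi
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    if [ "$actual" != "$2" ]; then
        echo "refusing $1: content differs from the reviewed baseline" >&2
        exit 1
    fi
)
```

A cron wrapper would call `safe_to_run` with the hash recorded at review time and execute the script only when it returns 0; the baseline itself must live somewhere the low-privileged user cannot write.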
Keep your automation flow secure and stay aware of the risks.