[Day 14] Networking Dev(Insecure)Ops | Advent of Cyber 3 (2021)

Febi Mudiyanto
Dec 14, 2021

Today we learn about DevOps and how it can become risky. In this task the Dev team uses a CI/CD server to automatically push updates to the production server, but the CI/CD server has been compromised.

CI: Continuous Integration is the process in which software source code is kept in a central repository (such as GitHub). All changes are stored in this central repository to avoid ending up with different versions of the same code.

CD: Continuous Delivery is the following (sometimes integral) step of the continuous integration model, where code is automatically deployed to the test, pre-production, or production environments. CD is sometimes also used as an acronym for “Continuous Deployment”.

Let’s break the automation.

#How many pages did the dirb scan find with its default wordlist?

4

# How many scripts do you see in the /home/thegrinch/scripts folder?

4

# What are the five characters following $6$G in pepper’s password hash?

ZUP42

Modify the loot.sh file, which is executed by the cron jobs.

Open the link <ip>/shadow.txt; make sure you use the right path (/var/www/html/).

# What is the content of the flag.txt file on the Grinch’s user’s desktop?

DI3H4rdIsTheBestX-masMovie!

Conclusion

From the task above, there are several vulnerabilities and misconfigurations in the CI/CD flow; the following is a list of those logic flaws:

  • Folder permissions that were too lax: The low privileged McSkidy user could write to the Grinch’s “loot” folder.
  • File permissions were misconfigured: The low privileged McSkidy user could change the contents of the loot.sh script.
  • Improper key protection: In this example, Grinch’s password can be seen as the secret key used to connect CI/CD components. If the key can be read from a configuration file, the attacker can reuse this key to their advantage.
  • Installation was not secure: cron jobs were regularly running tasks without any controls for unauthorized changes. As you may have read in sector news, a similar lack of controls has led to the release of backdoored software.
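One control that addresses the last three points, as an added example that is not code from the room or from the author: a guard a cron entry can run before executing a script like loot.sh, refusing to run it unless the script, its directory and its pinned hash file are owned by the invoking user, are not group/other writable, and the script still matches its pinned SHA-256. It assumes GNU coreutils (stat -c, sha256sum); the <script>.sha256 layout and the file names are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the original write-up). Usage in a crontab line:
#   verify_cron_script /home/thegrinch/scripts/loot.sh && /home/thegrinch/scripts/loot.sh
# Assumes GNU coreutils; pinned hash is stored beside the script as <script>.sha256.

# owned_and_private PATH: 0 if PATH is owned by the current user and carries
# no group/other write bit, 1 otherwise.
owned_and_private() {
    p="$1"
    owner=$(stat -c %U "$p") || return 1
    mode=$(stat -c %a "$p") || return 1
    [ "$owner" = "$(id -un)" ] || { echo "bad owner on $p: $owner" >&2; return 1; }
    # last two octal digits are group/other; digits 2,3,6,7 all carry the write bit
    go=$(printf '%s' "$mode" | tail -c 2)
    case "$go" in
        *[2367]*) echo "group/other writable: $p (mode $mode)" >&2; return 1 ;;
    esac
    return 0
}

# pin_hash SCRIPT: record the reviewed SCRIPT's SHA-256 as SCRIPT.sha256,
# readable only by the owner. Run once by the owner after reviewing the script.
pin_hash() {
    sha256sum "$1" | cut -d' ' -f1 > "$1.sha256"
    chmod 600 "$1.sha256"
}

# hash_matches SCRIPT: 0 if SCRIPT still hashes to the pinned value.
hash_matches() {
    [ -r "$1.sha256" ] || { echo "no pinned hash for $1" >&2; return 1; }
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(cat "$1.sha256")
    [ "$actual" = "$expected" ] || { echo "hash mismatch for $1" >&2; return 1; }
}

# verify_cron_script SCRIPT: the directory, the script and the hash file must
# all be private to the owner, and the content must be unchanged since pinning.
verify_cron_script() {
    s="$1"
    owned_and_private "$(dirname "$s")" || return 1
    owned_and_private "$s" || return 1
    owned_and_private "$s.sha256" || return 1
    hash_matches "$s" || return 1
}
```

A lax directory (the “loot” folder), a writable script (loot.sh) or an edited script each cause the guard to fail closed and log why to stderr, so the cron job never runs tampered content.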

Keep your automation flow secure and be aware of the risks.

Thanks
