DO - Apps

Basic Information

From the docs: App Platform is a Platform-as-a-Service (PaaS) offering that allows developers to publish code directly to DigitalOcean servers without worrying about the underlying infrastructure.

You can run code directly from GitHub, GitLab, Docker Hub, the DO container registry (or a sample app).

When defining an env var you can set it as encrypted. The only way to retrieve its value is by executing commands inside the host running the app.

An App URL looks like this: https://dolphin-app-2tofz.ondigitalocean.app

Enumeration

doctl apps list # You should get URLs here
doctl apps spec get <app-id> # Get yaml (including env vars, might be encrypted)
doctl apps logs <app-id> # Get HTTP logs
doctl apps list-alerts <app-id> # Get alerts
doctl apps list-regions # Get available regions and the default one

Apps don't have a metadata endpoint.

RCE & Encrypted env vars

To execute code directly in the container running the App, you need access to the console at https://cloud.digitalocean.com/apps/<app-id>/console/<app-name>.

That gives you a shell, and running env there shows all the env vars (including the ones defined as encrypted).
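A defender-side check for the spec returned by `doctl apps spec get`, added here as an example and not taken from the original page or from DigitalOcean: it lists env vars whose names look sensitive but are stored in plaintext, and the ones stored encrypted (which anyone with console access can still read, as described above). It assumes the spec was exported as JSON, that env entries use the `key`/`value`/`type` fields with `type: SECRET` and an `EV[` value prefix for encrypted values, and the name heuristic and sample spec are constructed.

```python
import json
import re

# Assumption: component lists and env fields follow the App Platform app spec
# (envs[].key / value / type, with type SECRET for encrypted values).
COMPONENT_KINDS = ("services", "workers", "jobs", "static_sites", "functions")
# Hypothetical heuristic for names that usually hold credentials.
SENSITIVE_NAME = re.compile(r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE|DATABASE_URL)", re.I)


def iter_envs(spec):
    """Yield (location, env) for app-level and per-component env vars."""
    for env in spec.get("envs") or []:
        yield "app", env
    for kind in COMPONENT_KINDS:
        for comp in spec.get(kind) or []:
            for env in comp.get("envs") or []:
                yield f"{kind}/{comp.get('name', '?')}", env


def is_encrypted(env):
    # Assumption: stored encrypted values are rendered as "EV[...]" in the spec.
    return env.get("type") == "SECRET" or str(env.get("value", "")).startswith("EV[")


def audit_spec(spec):
    """Split env vars into plaintext-but-sensitive and encrypted ones."""
    report = {"plaintext_sensitive": [], "encrypted": []}
    for where, env in iter_envs(spec):
        key = env.get("key", "")
        if is_encrypted(env):
            report["encrypted"].append((where, key))
        elif SENSITIVE_NAME.search(key):
            report["plaintext_sensitive"].append((where, key))
    return report


# Constructed sample spec (not real data), shaped like `doctl apps spec get` JSON output.
SAMPLE_SPEC = json.loads("""
{"name": "sample-app",
 "envs": [{"key": "LOG_LEVEL", "value": "info", "scope": "RUN_TIME"}],
 "services": [{"name": "web", "envs": [
   {"key": "DATABASE_URL", "value": "postgres://user:pw@db.example/app", "scope": "RUN_TIME"},
   {"key": "STRIPE_API_KEY", "value": "EV[1:constructed:constructed]", "type": "SECRET"}]}],
 "workers": [{"name": "queue", "envs": [
   {"key": "SESSION_SECRET", "value": "changeme", "type": "GENERAL"}]}]}
""")

if __name__ == "__main__":
    for bucket, items in audit_spec(SAMPLE_SPEC).items():
        for where, key in items:
            print(f"{bucket}: {key} ({where})")
```

Entries reported under `encrypted` are the ones to rotate if console access to the app is ever granted more widely than intended.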
