DO - Apps

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Basic Information

From the docs: App Platform is a Platform-as-a-Service (PaaS) offering that allows developers to publish code directly to DigitalOcean servers without worrying about the underlying infrastructure.

You can run code directly from github, gitlab, docker hub, DO container registry (or a sample app).

When defining an env var you can set it as encrypted. The only way to retreive its value is executing commands inside the host runnig the app.

An App URL looks like this https://dolphin-app-2tofz.ondigitalocean.app

Enumeration

doctl apps list # You should get URLs here
doctl apps spec get <app-id> # Get yaml (including env vars, might be encrypted)
doctl apps logs <app-id> # Get HTTP logs
doctl apps list-alerts <app-id> # Get alerts
doctl apps list-regions # Get available regions and the default one

Apps doesn't have metadata endpoint

RCE & Encrypted env vars

To execute code directly in the container executing the App you will need access to the console and go to https://cloud.digitalocean.com/apps/<app-id>/console/<app-name>.

That will give you a shell, and just executing env you will be able to see all the env vars (including the ones defined as encrypted).

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousDO - Services NextDO - Container Registry

Last updated 4 months ago