DO - Droplets
Basic Information
In DigitalOcean, a "droplet" is a virtual private server (VPS) that can be used to host websites and applications. A droplet is a pre-configured package of computing resources, including a certain amount of CPU, memory, and storage, that can be quickly and easily deployed on DigitalOcean's cloud infrastructure.
You can select from common OS, to applications already running (such as WordPress, cPanel, Laravel...), or even upload and use your own images.
Droplets support User data scripts.
Authentication
For authentication it's possible to enable SSH through username and password (password defined when the droplet is created). Or select one or more of the uploaded SSH keys.
Firewall
By default droplets are created WITHOUT A FIREWALL (not like in oder clouds such as AWS or GCP). So if you want DO to protect the ports of the droplet (VM), you need to create it and attach it.
More info in:
pageDO - NetworkingEnumeration
Droplets have metadata endpoints, but in DO there isn't IAM or things such as role from AWS or service accounts from GCP.
RCE
With access to the console it's possible to get a shell inside the droplet accessing the URL: https://cloud.digitalocean.com/droplets/<droplet-id>/terminal/ui/
It's also possible to launch a recovery console to run commands inside the host accessing a recovery console in https://cloud.digitalocean.com/droplets/<droplet-id>/console
(but in this case you will need to know the root password).
Last updated