AWS - CodeBuild Post Exploitation

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

CodeBuild

For more information, check:

AWS - Codebuild Enum

Check Secrets

If credentials have been set in Codebuild to connect to Github, Gitlab or Bitbucket in the form of personal tokens, passwords or OAuth token access, these akreditivi će biti pohranjeni kao tajne u menadžeru tajni. Therefore, if you have access to read the secret manager you will be able to get these secrets and pivot to the connected platform.

AWS - Secrets Manager Privesc

Abuse CodeBuild Repo Access

In order to configure CodeBuild, it will need pristup repozitorijumu koda koji će koristiti. Several platforms could be hosting this code:

The CodeBuild projekat mora imati pristup konfigurisanom provajderu izvora, bilo putem IAM uloge ili sa github/bitbucket tokenom ili OAuth pristupom.

An attacker with elevated permissions in over a CodeBuild could abuse this configured access to leak the code of the configured repo and others where the set creds have access. In order to do this, an attacker would just need to promeniti URL repozitorijuma na svaki repozitorijum kojem konfigurisanih akreditiva imaju pristup (note that the aws web will list all of them for you):

And promeniti Buildspec komande da exfiltrira svaki repozitorijum.

However, this zadatak je ponavljajući i zamoran and if a github token was configured with write permissions, an attacker neće moći da (zlo)upotrebi te dozvole as he doesn't have access to the token. Or does he? Check the next section

Leaking Access Tokens from AWS CodeBuild

You can leak access given in CodeBuild to platforms like Github. Check if any access to external platforms was given with:

aws codebuild list-source-credentials

AWS Codebuild - Token Leakage

`codebuild:DeleteProject`

Napadač bi mogao da obriše ceo CodeBuild projekat, uzrokujući gubitak konfiguracije projekta i utičući na aplikacije koje se oslanjaju na projekat.

aws codebuild delete-project --name <value>

Potencijalni uticaj: Gubitak konfiguracije projekta i prekid usluge za aplikacije koje koriste obrisani projekat.

`codebuild:TagResource` , `codebuild:UntagResource`

Napadač bi mogao da doda, izmeni ili ukloni oznake sa CodeBuild resursa, ometajući alokaciju troškova vaše organizacije, praćenje resursa i politike kontrole pristupa zasnovane na oznakama.

aws codebuild tag-resource --resource-arn <value> --tags <value>
aws codebuild untag-resource --resource-arn <value> --tag-keys <value>

Potencijalni uticaj: Poremećaj alokacije troškova, praćenja resursa i politika kontrole pristupa zasnovanih na oznakama.

`codebuild:DeleteSourceCredentials`

Napadač bi mogao da obriše izvorne akreditive za Git repozitorijum, što bi uticalo na normalno funkcionisanje aplikacija koje se oslanjaju na repozitorijum.

aws codebuild delete-source-credentials --arn <value>

Potencijalni uticaj: Poremećaj normalnog funkcionisanja aplikacija koje se oslanjaju na pogođeni repozitorijum zbog uklanjanja izvornih kredencijala.

Podržite HackTricks

Proverite planove pretplate!
Pridružite se 💬 Discord grupi ili telegram grupi ili pratite nas na Twitteru 🐦 @hacktricks_live.
Podelite hakerske trikove slanjem PR-ova na HackTricks i HackTricks Cloud github repozitorijume.

PreviousAWS - CloudFront Post Exploitation NextAWS Codebuild - Token Leakage

Last updated 3 days ago

CodeBuild

Check Secrets

Abuse CodeBuild Repo Access

Leaking Access Tokens from AWS CodeBuild

codebuild:DeleteProject

codebuild:TagResource , codebuild:UntagResource

codebuild:DeleteSourceCredentials

CodeBuild

Check Secrets

Abuse CodeBuild Repo Access

Leaking Access Tokens from AWS CodeBuild

codebuild:DeleteProject

codebuild:TagResource , codebuild:UntagResource

codebuild:DeleteSourceCredentials

`codebuild:DeleteProject`

`codebuild:TagResource` , `codebuild:UntagResource`

`codebuild:DeleteSourceCredentials`

`codebuild:DeleteProject`

`codebuild:TagResource` , `codebuild:UntagResource`

`codebuild:DeleteSourceCredentials`