AWS - Codebuild Enum

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

CodeBuild

AWS CodeBuild inatambuliwa kama huduma ya ushirikiano wa kuendelea inayosimamiwa kikamilifu. Kusudi kuu la huduma hii ni kuharakisha mfuatano wa kukusanya msimbo wa chanzo, kutekeleza majaribio, na kufunga programu kwa ajili ya matumizi ya kutekeleza. Faida kuu inayotolewa na CodeBuild inapatikana katika uwezo wake wa kupunguza hitaji la watumiaji kutoa, kusimamia, na kupanua seva zao za kujenga. Urahisi huu unatokana na ukweli kwamba huduma yenyewe inasimamia kazi hizi. Vipengele muhimu vya AWS CodeBuild vinajumuisha:

Huduma Inayosimamiwa: CodeBuild inasimamia na kupanua seva za kujenga, ikiwatoa watumiaji kwenye matengenezo ya seva.
Ushirikiano wa Kuendelea: Inashirikiana na mchakato wa maendeleo na utekelezaji, ikiharakisha hatua za kujenga na majaribio ya mchakato wa kutolewa kwa programu.
Uzalishaji wa Kifurushi: Baada ya hatua za kujenga na majaribio, inatayarisha vifurushi vya programu, ikifanya kuwa tayari kwa utekelezaji.

AWS CodeBuild inashirikiana kwa urahisi na huduma nyingine za AWS, ikiongeza ufanisi na uaminifu wa mchakato wa CI/CD (Ushirikiano wa Kuendelea/Utekelezaji wa Kuendelea).

Github/Gitlab/Bitbucket Credentials

Default source credentials

Hii ni chaguo la zamani ambapo inawezekana kusanidi baadhi ya ufikiaji (kama token ya Github au programu) ambayo itakuwa inasambazwa kati ya miradi ya codebuild ili miradi yote iweze kutumia seti hii ya akreditivu iliyosanidiwa.

Akreditivu zilizohifadhiwa (tokens, nywila...) zinazosimamiwa na codebuild na hakuna njia ya umma ya kuzirejesha kutoka kwa AWS APIs.

Custom source credential

Kulingana na jukwaa la hifadhi (Github, Gitlab na Bitbucket) chaguzi tofauti zinapatikana. Lakini kwa ujumla, chaguo lolote linalohitaji kuhifadhi token au nywila litahifadhiwa kama siri katika meneja wa siri.

Hii inaruhusu miradi tofauti ya codebuild kutumia ufikiaji tofauti ulio sanidiwa kwa watoa huduma badala ya kutumia tu ile iliyosanidiwa kama chaguo la kawaida.

Enumeration

# List external repo creds (such as github tokens)
## It doesn't return the token but just the ARN where it's located
aws codebuild list-source-credentials

# Projects
aws codebuild list-shared-projects
aws codebuild list-projects
aws codebuild batch-get-projects --names <project_name> # Check for creds in env vars

# Builds
aws codebuild list-builds
aws codebuild list-builds-for-project --project-name <p_name>
aws codebuild list-build-batches
aws codebuild list-build-batches-for-project --project-name <p_name>

# Reports
aws codebuild list-reports
aws codebuild describe-test-cases --report-arn <ARN>

Privesc

In the following page, you can check how to abuse codebuild permissions to escalate privileges:

AWS - Codebuild Privesc

Post Exploitation

AWS - CodeBuild Post Exploitation

Unauthenticated Access

AWS - CodeBuild Unauthenticated Access

References

https://docs.aws.amazon.com/managedservices/latest/userguide/code-build.html

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousAWS - CloudFront Enum NextAWS - Cognito Enum

Last updated 8 days ago