Try Hack me — Advent Of Cyber 2023 Day 21 Write Up — Yule be Poisoned: A Pipeline of Insecure Code!
Room: Advent of Cyber 2023 Day 21
CI/CD PPE, Continuous Integration, Continuous Deployment, Poisoned Pipeline Execution.
Continuing the story from the past 2 days.
After all, the automation in gift-giving, wrapping, and crafting is the reason why BestFestivalCompany bought Antarcticraft.
The printscreens can be a bit different layout wise. Because I couldn’t get GIT to work on my attackbox on the first try. Due to some credential issues, like missing E-mail address.
What needed to be done was the following command:
git config --global user.email "<>"
# <> Means empty
git config --global user.name "Something"
There are also different IP’s, because the machines kept going down. I suppose due to rush hour.
Task 1: What Linux kernel version is the Jenkins node?
We find 2 repositories in the Git system of AntarctiCrafts.
Let’s clone the gift-wrapper repo to our machine.
With Nano we can see the pipeline and change the “steps” to “whoami”
Adding the files to the repo.
Unfortunatly we are restricted from pushing code to this repo. So let’s inspect the pipeline code!
Here we find a file “Makefile”, that can execute commands during the build.
Let’s execute the command uname, to find out which Linux kernel version the Jenkins node is running on.
Push the pipeline to the repo.
One thing I like to add here, is that I always created a new file in the repo. Just changing the Makefile did not give me any changes to commit for some reason.
Check the console output of the new pipeline build.
And there we have it! The command was executed during the build.
Task 2: What value is found from /var/lib/jenkins/secret.key?
For task 2 we are doing the same thing, but with a different command!
And there is the answer to Task 2!
Happy Hacking!
💡 If you want to stay updated with what I’m working on. Follow me and Subscribe! 🔔
