gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-04 00:37:04 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['.github/pull_request_template.md', 'src/pentesting-cloud/az

Browse Source
This commit is contained in:
Translator
2024-12-31 19:02:02 +00:00
parent 7770a50092
commit 2753c75e8b
244 changed files with 8471 additions and 11302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/pentesting-cloud/digital-ocean-pentesting/do-services/do-apps.md
View File

@@ -2,18 +2,17 @@
{{#include ../../../banners/hacktricks-training.md}}
## Basic Information
## Basiese Inligting
[From the docs:](https://docs.digitalocean.com/glossary/app-platform/) App Platform is a Platform-as-a-Service (PaaS) offering that allows developers to **publish code directly to DigitalOcean** servers without worrying about the underlying infrastructure.
[Uit die dokumentasie:](https://docs.digitalocean.com/glossary/app-platform/) App Platform is 'n Platform-as-a-Service (PaaS) aanbod wat ontwikkelaars in staat stel om **kode direk na DigitalOcean** bedieners te **publiseer** sonder om oor die onderliggende infrastruktuur te bekommer.
You can run code directly from **github**, **gitlab**, **docker hub**, **DO container registry** (or a sample app).
Jy kan kode direk vanaf **github**, **gitlab**, **docker hub**, **DO container registry** (of 'n voorbeeldtoepassing) uitvoer.
When defining an **env var** you can set it as **encrypted**. The only way to **retreive** its value is executing **commands** inside the host runnig the app.
Wanneer jy 'n **env var** definieer, kan jy dit as **geënkripteer** instel. Die enigste manier om die waarde te **herwin** is deur **opdragte** binne die gasheer wat die toepassing uitvoer, uit te voer.
An **App URL** looks like this [https://dolphin-app-2tofz.ondigitalocean.app](https://dolphin-app-2tofz.ondigitalocean.app)
### Enumeration
'n **App URL** lyk soos hierdie [https://dolphin-app-2tofz.ondigitalocean.app](https://dolphin-app-2tofz.ondigitalocean.app)
### Enumerasie
```bash
doctl apps list # You should get URLs here
doctl apps spec get <app-id> # Get yaml (including env vars, might be encrypted)
@@ -21,18 +20,13 @@ doctl apps logs <app-id> # Get HTTP logs
doctl apps list-alerts <app-id> # Get alerts
doctl apps list-regions # Get available regions and the default one
```
> [!CAUTION]
> **Apps doesn't have metadata endpoint**
> **Apps het nie 'n metadata-eindpunt nie**
### RCE & Encrypted env vars
### RCE & Gekodeerde omgewingsveranderlikes
To execute code directly in the container executing the App you will need **access to the console** and go to **`https://cloud.digitalocean.com/apps/<app-id>/console/<app-name>`**.
Om kode direk in die houer wat die App uitvoer, uit te voer, sal jy **toegang tot die konsole** nodig hê en gaan na **`https://cloud.digitalocean.com/apps/<app-id>/console/<app-name>`**.
That will give you a **shell**, and just executing **`env`** you will be able to see **all the env vars** (including the ones defined as **encrypted**).
Dit sal jou 'n **skulp** gee, en deur net **`env`** uit te voer, sal jy in staat wees om **alle omgewingsveranderlikes** te sien (insluitend die wat as **gecodeerd** gedefinieer is).
{{#include ../../../banners/hacktricks-training.md}}