mirror of
https://github.com/HackTricks-wiki/hacktricks-cloud.git
synced 2026-01-12 13:05:19 -08:00
Translated ['.github/pull_request_template.md', 'src/pentesting-cloud/az
@@ -4,9 +4,9 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
**Before start pentesting** a Digital Ocean environment there are a few **basics things you need to know** about how DO works to help you understand what you need to do, how to find misconfigurations and how to exploit them.
|
||||
**Kabla ya kuanza pentesting** mazingira ya Digital Ocean kuna mambo machache **muhimu unahitaji kujua** kuhusu jinsi DO inavyofanya kazi ili kukusaidia kuelewa unachohitaji kufanya, jinsi ya kupata makosa ya usanidi na jinsi ya kuyatumia.
|
||||
|
||||
Concepts such as hierarchy, access and other basic concepts are explained in:
|
||||
Mifano kama vile hiyerarhii, ufikiaji na dhana nyingine za msingi zinaelezwa katika:
|
||||
|
||||
{{#ref}}
|
||||
do-basic-information.md
|
||||
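Review bot: In the added line "Mifano kama vile hiyerarhii, ufikiaji na dhana nyingine za msingi zinaelezwa katika:", "Concepts" is rendered as "Mifano" (examples), while the same sentence uses "dhana" for "concepts" a few words later. Start the sentence with "Dhana" so both halves use the same term and the sentence still says that hierarchy and access are concepts explained in the referenced page.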
@@ -22,26 +22,20 @@ https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/clou
|
||||
|
||||
### Projects
|
||||
|
||||
To get a list of the projects and resources running on each of them from the CLI check:
|
||||
Ili kupata orodha ya miradi na rasilimali zinazofanya kazi kwenye kila moja yao kutoka CLI angalia:
|
||||
|
||||
{{#ref}}
|
||||
do-services/do-projects.md
|
||||
{{#endref}}
|
||||
|
||||
### Whoami
|
||||
|
||||
```bash
|
||||
doctl account get
|
||||
```
|
||||
|
||||
## Services Enumeration
|
||||
## Huduma za Uainishaji
|
||||
|
||||
{{#ref}}
|
||||
do-services/
|
||||
{{#endref}}
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
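Review bot: Heading handling is inconsistent in this hunk: "## Services Enumeration" becomes "## Huduma za Uainishaji", while "### Projects" and "### Whoami" stay in English. If headings are meant to be translated, translate all of them; if anchors derived from heading text are linked from other pages, keep the English heading and translate only the body text. The hunk also drops six lines without any visible text change, so confirm the removed blank lines do not sit around the bash fence or the {{#ref}} blocks.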
@@ -4,49 +4,49 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
DigitalOcean is a **cloud computing platform that provides users with a variety of services**, including virtual private servers (VPS) and other resources for building, deploying, and managing applications. **DigitalOcean's services are designed to be simple and easy to use**, making them **popular among developers and small businesses**.
|
||||
DigitalOcean ni **jukwaa la kompyuta wingu linalotoa huduma mbalimbali kwa watumiaji**, ikiwa ni pamoja na seva binafsi za virtual (VPS) na rasilimali nyingine za kujenga, kupeleka, na kusimamia programu. **Huduma za DigitalOcean zimeundwa kuwa rahisi na rahisi kutumia**, na zinawafanya **kuwa maarufu miongoni mwa wabunifu na biashara ndogo**.
|
||||
|
||||
Some of the key features of DigitalOcean include:
|
||||
Baadhi ya vipengele muhimu vya DigitalOcean ni pamoja na:
|
||||
|
||||
- **Virtual private servers (VPS)**: DigitalOcean provides VPS that can be used to host websites and applications. These VPS are known for their simplicity and ease of use, and can be quickly and easily deployed using a variety of pre-built "droplets" or custom configurations.
|
||||
- **Storage**: DigitalOcean offers a range of storage options, including object storage, block storage, and managed databases, that can be used to store and manage data for websites and applications.
|
||||
- **Development and deployment tools**: DigitalOcean provides a range of tools that can be used to build, deploy, and manage applications, including APIs and pre-built droplets.
|
||||
- **Security**: DigitalOcean places a strong emphasis on security, and offers a range of tools and features to help users keep their data and applications safe. This includes encryption, backups, and other security measures.
|
||||
- **Seva binafsi za virtual (VPS)**: DigitalOcean inatoa VPS ambazo zinaweza kutumika kuhifadhi tovuti na programu. VPS hizi zinajulikana kwa urahisi na rahisi kutumia, na zinaweza kupelekwa haraka na kwa urahisi kwa kutumia aina mbalimbali za "droplets" zilizojengwa awali au mipangilio maalum.
|
||||
- **Hifadhi**: DigitalOcean inatoa aina mbalimbali za chaguzi za hifadhi, ikiwa ni pamoja na hifadhi ya vitu, hifadhi ya vizuizi, na hifadhidata zinazodhibitiwa, ambazo zinaweza kutumika kuhifadhi na kusimamia data kwa tovuti na programu.
|
||||
- **Zana za maendeleo na upelekezi**: DigitalOcean inatoa aina mbalimbali za zana ambazo zinaweza kutumika kujenga, kupeleka, na kusimamia programu, ikiwa ni pamoja na APIs na droplets zilizojengwa awali.
|
||||
- **Usalama**: DigitalOcean inatoa kipaumbele kikubwa kwa usalama, na inatoa zana na vipengele mbalimbali kusaidia watumiaji kulinda data na programu zao. Hii inajumuisha usimbaji, nakala za akiba, na hatua nyingine za usalama.
|
||||
|
||||
Overall, DigitalOcean is a cloud computing platform that provides users with the tools and resources they need to build, deploy, and manage applications in the cloud. Its services are designed to be simple and easy to use, making them popular among developers and small businesses.
|
||||
Kwa ujumla, DigitalOcean ni jukwaa la kompyuta wingu linalotoa watumiaji zana na rasilimali wanazohitaji kujenga, kupeleka, na kusimamia programu katika wingu. Huduma zake zimeundwa kuwa rahisi na rahisi kutumia, na zinawafanya kuwa maarufu miongoni mwa wabunifu na biashara ndogo.
|
||||
|
||||
### Main Differences from AWS
|
||||
|
||||
One of the main differences between DigitalOcean and AWS is the **range of services they offer**. **DigitalOcean focuses on providing simple** and easy-to-use virtual private servers (VPS), storage, and development and deployment tools. **AWS**, on the other hand, offers a **much broader range of services**, including VPS, storage, databases, machine learning, analytics, and many other services. This means that AWS is more suitable for complex, enterprise-level applications, while DigitalOcean is more suited to small businesses and developers.
|
||||
Moja ya tofauti kuu kati ya DigitalOcean na AWS ni **aina ya huduma wanazotoa**. **DigitalOcean inazingatia kutoa seva binafsi za virtual (VPS) rahisi** na rahisi kutumia, hifadhi, na zana za maendeleo na upelekezi. **AWS**, kwa upande mwingine, inatoa **aina pana zaidi ya huduma**, ikiwa ni pamoja na VPS, hifadhi, hifadhidata, kujifunza mashine, uchambuzi, na huduma nyingine nyingi. Hii ina maana kwamba AWS inafaa zaidi kwa programu ngumu za kiwango cha biashara, wakati DigitalOcean inafaa zaidi kwa biashara ndogo na wabunifu.
|
||||
|
||||
Another key difference between the two platforms is the **pricing structure**. **DigitalOcean's pricing is generally more straightforward and easier** to understand than AWS, with a range of pricing plans that are based on the number of droplets and other resources used. AWS, on the other hand, has a more complex pricing structure that is based on a variety of factors, including the type and amount of resources used. This can make it more difficult to predict costs when using AWS.
|
||||
Tofauti nyingine muhimu kati ya majukwaa haya mawili ni **muundo wa bei**. **Bei za DigitalOcean kwa ujumla ni rahisi zaidi na rahisi** kueleweka kuliko AWS, ikiwa na mipango mbalimbali ya bei inayotegemea idadi ya droplets na rasilimali nyingine zinazotumika. AWS, kwa upande mwingine, ina muundo wa bei mgumu zaidi unaotegemea mambo mbalimbali, ikiwa ni pamoja na aina na kiasi cha rasilimali zinazotumika. Hii inaweza kufanya kuwa vigumu kutabiri gharama unapotumia AWS.
|
||||
|
||||
## Hierarchy
|
||||
|
||||
### User
|
||||
|
||||
A user is what you expect, a user. He can **create Teams** and **be a member of different teams.**
|
||||
Mtumiaji ni kile unachotarajia, mtumiaji. Anaweza **kuunda Timu** na **kuwa mwanachama wa timu tofauti.**
|
||||
|
||||
### **Team**
|
||||
|
||||
A team is a group of **users**. When a user creates a team he has the **role owner on that team** and he initially **sets up the billing info**. **Other** user can then be **invited** to the team.
|
||||
Timu ni kundi la **watumiaji**. Wakati mtumiaji anaunda timu, ana **jukumu la mmiliki katika timu hiyo** na awali **anapanga taarifa za bili**. **Watumiaji wengine** wanaweza kisha **kualikwa** kwenye timu.
|
||||
|
||||
Inside the team there might be several **projects**. A project is just a **set of services running**. It can be used to **separate different infra stages**, like prod, staging, dev...
|
||||
Ndani ya timu kunaweza kuwa na **miradi** kadhaa. Mradi ni tu **seti ya huduma zinazofanya kazi**. Inaweza kutumika **kutenganisha hatua tofauti za miundombinu**, kama vile prod, staging, dev...
|
||||
|
||||
### Project
|
||||
|
||||
As explained, a project is just a container for all the **services** (droplets, spaces, databases, kubernetes...) **running together inside of it**.\
|
||||
A Digital Ocean project is very similar to a GCP project without IAM.
|
||||
Kama ilivyoelezwa, mradi ni tu chombo cha huduma zote **(droplets, spaces, databases, kubernetes...) zinazofanya kazi pamoja ndani yake**.\
|
||||
Mradi wa Digital Ocean ni sawa sana na mradi wa GCP bila IAM.
|
||||
|
||||
## Permissions
|
||||
|
||||
### Team
|
||||
|
||||
Basically all members of a team have **access to the DO resources in all the projects created within the team (with more or less privileges).**
|
||||
Kimsingi, wanachama wote wa timu wana **ufikiaji wa rasilimali za DO katika miradi yote iliyoundwa ndani ya timu (ikiwa na zaidi au chini ya mamlaka).**
|
||||
|
||||
### Roles
|
||||
|
||||
Each **user inside a team** can have **one** of the following three **roles** inside of it:
|
||||
Kila **mtumiaji ndani ya timu** anaweza kuwa na **moja** ya hizi tatu **roles** ndani yake:
|
||||
|
||||
| Role | Shared Resources | Billing Information | Team Settings |
|
||||
| ---------- | ---------------- | ------------------- | ------------- |
|
||||
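Review bot: The role terminology is split within this hunk. The Team paragraph uses "jukumu la mmiliki" for "role owner", but the Roles paragraph leaves the word untranslated in "moja ya hizi tatu **roles**". Since this section is the one readers use to map a user to Owner, Biller or Member, pick one term for "role" and use it in both places. Separately, "simple and easy to use" comes out as "rahisi na rahisi kutumia" in the Basic Information paragraphs, which repeats the same adjective.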
@@ -54,70 +54,62 @@ Each **user inside a team** can have **one** of the following three **roles** in
|
||||
| **Biller** | No access | Full access | No access |
|
||||
| **Member** | Full access | No access | No access |
|
||||
|
||||
**Owner** and **member can list the users** and check their **roles** (biller cannot).
|
||||
**Owner** na **member wanaweza kuorodhesha watumiaji** na kuangalia **roles zao** (biller hawezi).
|
||||
|
||||
## Access
|
||||
|
||||
### Username + password (MFA)
|
||||
|
||||
As in most of the platforms, in order to access to the GUI you can use a set of **valid username and password** to **access** the cloud **resources**. Once logged in you can see **all the teams you are part** of in [https://cloud.digitalocean.com/account/profile](https://cloud.digitalocean.com/account/profile).\
|
||||
And you can see all your activity in [https://cloud.digitalocean.com/account/activity](https://cloud.digitalocean.com/account/activity).
|
||||
Kama ilivyo katika majukwaa mengi, ili kupata GUI unaweza kutumia seti ya **jina la mtumiaji halali na nenosiri** ili **kuingia** kwenye **rasilimali** za wingu. Mara baada ya kuingia unaweza kuona **timu zote unazohusika** katika [https://cloud.digitalocean.com/account/profile](https://cloud.digitalocean.com/account/profile).\
|
||||
Na unaweza kuona shughuli zako zote katika [https://cloud.digitalocean.com/account/activity](https://cloud.digitalocean.com/account/activity).
|
||||
|
||||
**MFA** can be **enabled** in a user and **enforced** for all the users in a **team** to access the team.
|
||||
**MFA** inaweza **kuwekwa** kwa mtumiaji na **kulazimishwa** kwa watumiaji wote katika **timu** ili kupata timu.
|
||||
|
||||
### API keys
|
||||
|
||||
In order to use the API, users can **generate API keys**. These will always come with Read permissions but **Write permission are optional**.\
|
||||
The API keys look like this:
|
||||
|
||||
Ili kutumia API, watumiaji wanaweza **kuunda funguo za API**. Hizi zitakuja kila wakati na ruhusa za Kusoma lakini **ruhusa za Kuandika ni hiari**.\
|
||||
Funguo za API zinaonekana kama hii:
|
||||
```
|
||||
dop_v1_1946a92309d6240274519275875bb3cb03c1695f60d47eaa1532916502361836
|
||||
```
|
||||
|
||||
The cli tool is [**doctl**](https://github.com/digitalocean/doctl#installing-doctl). Initialise it (you need a token) with:
|
||||
|
||||
The cli tool is [**doctl**](https://github.com/digitalocean/doctl#installing-doctl). Ianzishe (unahitaji token) kwa:
|
||||
```bash
|
||||
doctl auth init # Asks for the token
|
||||
doctl auth init --context my-context # Login with a different token
|
||||
doctl auth list # List accounts
|
||||
```
|
||||
Kwa default, token hii itaandikwa kwa maandiko wazi kwenye Mac katika `/Users/<username>/Library/Application Support/doctl/config.yaml`.
|
||||
|
||||
By default this token will be written in clear-text in Mac in `/Users/<username>/Library/Application Support/doctl/config.yaml`.
|
||||
### Funguo za ufikiaji wa Spaces
|
||||
|
||||
### Spaces access keys
|
||||
|
||||
These are keys that give **access to the Spaces** (like S3 in AWS or Storage in GCP).
|
||||
|
||||
They are composed by a **name**, a **keyid** and a **secret**. An example could be:
|
||||
Hizi ni funguo ambazo zinatoa **ufikiaji kwa Spaces** (kama S3 katika AWS au Storage katika GCP).
|
||||
|
||||
Zimeundwa na **jina**, **keyid** na **siri**. Mfano unaweza kuwa:
|
||||
```
|
||||
Name: key-example
|
||||
Keyid: DO00ZW4FABSGZHAABGFX
|
||||
Secret: 2JJ0CcQZ56qeFzAJ5GFUeeR4Dckarsh6EQSLm87MKlM
|
||||
```
|
||||
|
||||
### OAuth Application
|
||||
|
||||
OAuth applications can be granted **access over Digital Ocean**.
|
||||
Programu za OAuth zinaweza kupewa **ufikiaji juu ya Digital Ocean**.
|
||||
|
||||
It's possible to **create OAuth applications** in [https://cloud.digitalocean.com/account/api/applications](https://cloud.digitalocean.com/account/api/applications) and check all **allowed OAuth applications** in [https://cloud.digitalocean.com/account/api/access](https://cloud.digitalocean.com/account/api/access).
|
||||
Inawezekana **kuunda programu za OAuth** katika [https://cloud.digitalocean.com/account/api/applications](https://cloud.digitalocean.com/account/api/applications) na kuangalia **programu za OAuth zilizoruhusiwa** katika [https://cloud.digitalocean.com/account/api/access](https://cloud.digitalocean.com/account/api/access).
|
||||
|
||||
### SSH Keys
|
||||
|
||||
It's possible to add **SSH keys to a Digital Ocean Team** from the **console** in [https://cloud.digitalocean.com/account/security](https://cloud.digitalocean.com/account/security).
|
||||
Inawezekana kuongeza **funguo za SSH kwenye Timu ya Digital Ocean** kutoka **konso** katika [https://cloud.digitalocean.com/account/security](https://cloud.digitalocean.com/account/security).
|
||||
|
||||
This way, if you create a **new droplet, the SSH key will be set** on it and you will be able to **login via SSH** without password (note that newly [uploaded SSH keys aren't set in already existent droplets for security reasons](https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/to-existing-droplet/)).
|
||||
Hivyo, ikiwa utaunda **droplet mpya, funguo za SSH zitakuwa zimewekwa** juu yake na utaweza **kuingia kupitia SSH** bila nenosiri (kumbuka kwamba [funguo za SSH zilizopakiwa hivi karibuni hazijapangwa kwenye droplets zilizopo kwa sababu za usalama](https://docs.digitalocean.com/products/droplets/how-to/add-ssh-keys/to-existing-droplet/)).
|
||||
|
||||
### Functions Authentication Token
|
||||
|
||||
The way **to trigger a function via REST API** (always enabled, it's the method the cli uses) is by triggering a request with an **authentication token** like:
|
||||
|
||||
Njia **ya kuanzisha kazi kupitia REST API** (daima imewezeshwa, ni njia ambayo cli inatumia) ni kwa kuanzisha ombi lenye **token ya uthibitishaji** kama:
|
||||
```bash
|
||||
curl -X POST "https://faas-lon1-129376a7.doserverless.co/api/v1/namespaces/fn-c100c012-65bf-4040-1230-2183764b7c23/actions/functionname?blocking=true&result=true" \
|
||||
-H "Content-Type: application/json" \
|
||||
-H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="
|
||||
-H "Content-Type: application/json" \
|
||||
-H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="
|
||||
```
|
||||
|
||||
## Logs
|
||||
|
||||
### User logs
|
||||
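Review bot: The doctl sentence is only half translated: "The cli tool is [**doctl**](...). Ianzishe (unahitaji token) kwa:" keeps the English opening and switches to Swahili mid-paragraph. Translate the first sentence as well. In the same hunk "### Spaces access keys" becomes "### Funguo za ufikiaji wa Spaces" while "### API keys", "### OAuth Application" and "### SSH Keys" stay in English, so the headings of the Access section no longer follow one convention. The two curl -H lines also appear as removed and re-added with identical visible text; check that the continuation backslashes and indentation still form a single command.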
@@ -133,7 +125,3 @@ The **logs of a team** can be found in [**https://cloud.digitalocean.com/account
|
||||
- [https://docs.digitalocean.com/products/teams/how-to/manage-membership/](https://docs.digitalocean.com/products/teams/how-to/manage-membership/)
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -2,10 +2,6 @@
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
DO doesn't support granular permissions. So the **minimum role** that allows a user to review all the resources is **member**. A pentester with this permission will be able to perform harmful activities, but it's what it's.
|
||||
DO haisaidii ruhusa za kina. Hivyo **jukumu la chini** linalomruhusu mtumiaji kupitia rasilimali zote ni **mwanachama**. Pentester mwenye ruhusa hii ataweza kufanya shughuli hatari, lakini ndivyo ilivyo.
|
||||
|
||||
{{#include ../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
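Review bot: The role name is translated in "ni **mwanachama**", but the roles page in this same commit keeps the literal names ("**Owner** na **member** wanaweza kuorodhesha watumiaji"). The reader has to request this exact role from the team owner, so keep **member** as it is displayed and, if needed, add the Swahili word in parentheses.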
@@ -2,7 +2,7 @@
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
DO offers a few services, here you can find how to **enumerate them:**
|
||||
DO inatoa huduma chache, hapa unaweza kupata jinsi ya **kuzijumuisha:**
|
||||
|
||||
- [**Apps**](do-apps.md)
|
||||
- [**Container Registry**](do-container-registry.md)
|
||||
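Review bot: "enumerate them" is rendered as "kuzijumuisha" here, while the headings elsewhere in this commit render "Enumeration" as "Uainishaji" and "Uhesabu". Three different words for the one technical term make the section titles and this index sentence look unrelated. Choose a single rendering, or keep "enumeration" untranslated as is done for other tool terms such as "droplets" and "namespace".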
@@ -17,7 +17,3 @@ DO offers a few services, here you can find how to **enumerate them:**
|
||||
- [**Volumes**](do-volumes.md)
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -4,16 +4,15 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
[From the docs:](https://docs.digitalocean.com/glossary/app-platform/) App Platform is a Platform-as-a-Service (PaaS) offering that allows developers to **publish code directly to DigitalOcean** servers without worrying about the underlying infrastructure.
|
||||
[From the docs:](https://docs.digitalocean.com/glossary/app-platform/) App Platform ni huduma ya Platform-as-a-Service (PaaS) inayowezesha wabunifu **kuchapisha msimbo moja kwa moja kwenye seva za DigitalOcean** bila wasiwasi kuhusu miundombinu ya chini.
|
||||
|
||||
You can run code directly from **github**, **gitlab**, **docker hub**, **DO container registry** (or a sample app).
|
||||
Unaweza kuendesha msimbo moja kwa moja kutoka **github**, **gitlab**, **docker hub**, **DO container registry** (au programu ya mfano).
|
||||
|
||||
When defining an **env var** you can set it as **encrypted**. The only way to **retreive** its value is executing **commands** inside the host runnig the app.
|
||||
Unapofafanua **env var** unaweza kuipanga kama **encrypted**. Njia pekee ya **retreive** thamani yake ni kutekeleza **commands** ndani ya mwenyeji anayekimbia programu.
|
||||
|
||||
An **App URL** looks like this [https://dolphin-app-2tofz.ondigitalocean.app](https://dolphin-app-2tofz.ondigitalocean.app)
|
||||
**App URL** inaonekana kama hii [https://dolphin-app-2tofz.ondigitalocean.app](https://dolphin-app-2tofz.ondigitalocean.app)
|
||||
|
||||
### Enumeration
|
||||
|
||||
```bash
|
||||
doctl apps list # You should get URLs here
|
||||
doctl apps spec get <app-id> # Get yaml (including env vars, might be encrypted)
|
||||
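Review bot: The bolded words in "Njia pekee ya **retreive** thamani yake ni kutekeleza **commands** ndani ya mwenyeji" are left in English, and the source typo "retreive" is copied into the translation. Translate them with the rest of the sentence; "amri" is already used for "commands" in the droplets page of this commit. "encrypted" can stay if it is meant to match the label in the console, but then say so consistently.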
@@ -21,18 +20,13 @@ doctl apps logs <app-id> # Get HTTP logs
|
||||
doctl apps list-alerts <app-id> # Get alerts
|
||||
doctl apps list-regions # Get available regions and the default one
|
||||
```
|
||||
|
||||
> [!CAUTION]
|
||||
> **Apps doesn't have metadata endpoint**
|
||||
> **Apps haina metadata endpoint**
|
||||
|
||||
### RCE & Encrypted env vars
|
||||
|
||||
To execute code directly in the container executing the App you will need **access to the console** and go to **`https://cloud.digitalocean.com/apps/<app-id>/console/<app-name>`**.
|
||||
Ili kutekeleza msimbo moja kwa moja ndani ya kontena linalotekeleza App, utahitaji **kupata ufikiaji wa console** na uende **`https://cloud.digitalocean.com/apps/<app-id>/console/<app-name>`**.
|
||||
|
||||
That will give you a **shell**, and just executing **`env`** you will be able to see **all the env vars** (including the ones defined as **encrypted**).
|
||||
Hii itakupa **shell**, na kwa kutekeleza tu **`env`** utaweza kuona **mabadiliko yote ya env** (ikiwemo yale yaliyoainishwa kama **encrypted**).
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
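Review bot: In "utaweza kuona **mabadiliko yote ya env**" the phrase "env vars" is rendered with "mabadiliko", which reads as "changes", while the Basic Information hunk of the same file keeps "env var" untranslated. This is the sentence that tells the reader encrypted values are visible from a shell in the container, so it should name environment variables unambiguously. Keep "env vars" here to match the earlier paragraph.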
@@ -4,12 +4,11 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
DigitalOcean Container Registry is a service provided by DigitalOcean that **allows you to store and manage Docker images**. It is a **private** registry, which means that the images that you store in it are only accessible to you and users that you grant access to. This allows you to securely store and manage your Docker images, and use them to deploy containers on DigitalOcean or any other environment that supports Docker.
|
||||
DigitalOcean Container Registry ni huduma inayotolewa na DigitalOcean ambayo **inakuwezesha kuhifadhi na kusimamia picha za Docker**. Ni **rejista ya kibinafsi**, ambayo ina maana kwamba picha unazohifadhi ndani yake zinapatikana tu kwako na watumiaji ambao unawapa uf access. Hii inakuwezesha kuhifadhi na kusimamia picha zako za Docker kwa usalama, na kuzitumia kupeleka kontena kwenye DigitalOcean au mazingira mengine yoyote yanayounga mkono Docker.
|
||||
|
||||
When creating a Container Registry it's possible to **create a secret with pull images access (read) over it in all the namespaces** of Kubernetes clusters.
|
||||
Wakati wa kuunda Rejista ya Kontena, inawezekana **kuunda siri yenye uf access wa kuvuta picha (kusoma) juu yake katika majina yote** ya makundi ya Kubernetes.
|
||||
|
||||
### Connection
|
||||
|
||||
```bash
|
||||
# Using doctl
|
||||
doctl registry login
|
||||
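Review bot: Both added paragraphs contain the broken token "uf access" ("watumiaji ambao unawapa uf access", "siri yenye uf access wa kuvuta picha"), which looks like a half-translated "ufikiaji" merged with the English word. Replace it with "ufikiaji", the form used for "access" in the rest of this commit. In the second paragraph "namespaces" is also rendered as "majina" (names); the Functions page keeps "namespace" untranslated, and the Kubernetes term should be kept here too.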
@@ -19,9 +18,7 @@ docker login registry.digitalocean.com
|
||||
Username: <paste-api-token>
|
||||
Password: <paste-api-token>
|
||||
```
|
||||
|
||||
### Enumeration
|
||||
|
||||
### Uhesabu
|
||||
```bash
|
||||
# Get creds to access the registry from the API
|
||||
doctl registry docker-config
|
||||
@@ -29,9 +26,4 @@ doctl registry docker-config
|
||||
# List
|
||||
doctl registry repository list-v2
|
||||
```
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -4,20 +4,17 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
With DigitalOcean Databases, you can easily **create and manage databases in the cloud** without having to worry about the underlying infrastructure. The service offers a variety of database options, including **MySQL**, **PostgreSQL**, **MongoDB**, and **Redis**, and provides tools for administering and monitoring your databases. DigitalOcean Databases is designed to be highly scalable, reliable, and secure, making it an ideal choice for powering modern applications and websites.
|
||||
Na DigitalOcean Databases, unaweza kwa urahisi **kuunda na kusimamia databases katika wingu** bila kuwa na wasiwasi kuhusu miundombinu ya msingi. Huduma inatoa chaguzi mbalimbali za database, ikiwa ni pamoja na **MySQL**, **PostgreSQL**, **MongoDB**, na **Redis**, na inatoa zana za kusimamia na kufuatilia databases zako. DigitalOcean Databases imeundwa kuwa na uwezo mkubwa wa kupanuka, kuaminika, na salama, na kuifanya kuwa chaguo bora kwa kuendesha programu na tovuti za kisasa.
|
||||
|
||||
### Connections details
|
||||
|
||||
When creating a database you can select to configure it **accessible from a public network**, or just from inside a **VPC**. Moreover, it request you to **whitelist IPs that can access it** (your IPv4 can be one).
|
||||
|
||||
The **host**, **port**, **dbname**, **username**, and **password** are shown in the **console**. You can even download the AD certificate to connect securely.
|
||||
Unapounda database unaweza kuchagua kuisakinisha **inayopatikana kutoka mtandao wa umma**, au kutoka ndani ya **VPC**. Aidha, inakuomba **kuorodhesha IPs ambazo zinaweza kuipata** (IPv4 yako inaweza kuwa moja).
|
||||
|
||||
**host**, **port**, **dbname**, **username**, na **password** zinaonyeshwa katika **console**. Unaweza hata kupakua cheti cha AD ili kuungana kwa usalama.
|
||||
```bash
|
||||
sql -h db-postgresql-ams3-90864-do-user-2700959-0.b.db.ondigitalocean.com -U doadmin -d defaultdb -p 25060
|
||||
```
|
||||
|
||||
### Enumeration
|
||||
|
||||
### Uhesabu
|
||||
```bash
|
||||
# Databse clusters
|
||||
doctl databases list
|
||||
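Review bot: "whitelist IPs that can access it" is rendered as "kuorodhesha IPs ambazo zinaweza kuipata", using the same verb this commit uses for "list the users" ("kuorodhesha watumiaji"). The restriction is lost: the sentence now reads as listing addresses rather than limiting access to them. Reword it so it states that only the listed IPs are allowed to connect. "configure it" is also rendered as "kuisakinisha", which reads as installing rather than configuring.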
@@ -39,9 +36,4 @@ doctl databases backups <db-id> # List backups of DB
|
||||
# Pools
|
||||
doctl databases pool list <db-id> # List pools of DB
|
||||
```
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -4,45 +4,44 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
In DigitalOcean, a "droplet" is a v**irtual private server (VPS)** that can be used to host websites and applications. A droplet is a **pre-configured package of computing resources**, including a certain amount of CPU, memory, and storage, that can be quickly and easily deployed on DigitalOcean's cloud infrastructure.
|
||||
Katika DigitalOcean, "droplet" ni v**irtual private server (VPS)** ambayo inaweza kutumika kuhost tovuti na programu. Droplet ni **kifurushi kilichopangwa awali cha rasilimali za kompyuta**, ikiwa ni pamoja na kiasi fulani cha CPU, kumbukumbu, na uhifadhi, ambacho kinaweza kuanzishwa haraka na kwa urahisi kwenye miundombinu ya wingu ya DigitalOcean.
|
||||
|
||||
You can select from **common OS**, to **applications** already running (such as WordPress, cPanel, Laravel...), or even upload and use **your own images**.
|
||||
Unaweza kuchagua kutoka kwa **OS za kawaida**, hadi **programu** ambazo tayari zinafanya kazi (kama WordPress, cPanel, Laravel...), au hata kupakia na kutumia **picha zako mwenyewe**.
|
||||
|
||||
Droplets support **User data scripts**.
|
||||
Droplets zinasaidia **User data scripts**.
|
||||
|
||||
<details>
|
||||
|
||||
<summary>Difference between a snapshot and a backup</summary>
|
||||
<summary>Tofauti kati ya snapshot na backup</summary>
|
||||
|
||||
In DigitalOcean, a snapshot is a point-in-time copy of a Droplet's disk. It captures the state of the Droplet's disk at the time the snapshot was taken, including the operating system, installed applications, and all the files and data on the disk.
|
||||
Katika DigitalOcean, snapshot ni nakala ya wakati wa Droplet's disk. Inachukua hali ya Droplet's disk wakati snapshot ilipofanywa, ikiwa ni pamoja na mfumo wa uendeshaji, programu zilizowekwa, na faili zote na data kwenye disk.
|
||||
|
||||
Snapshots can be used to create new Droplets with the same configuration as the original Droplet, or to restore a Droplet to the state it was in when the snapshot was taken. Snapshots are stored on DigitalOcean's object storage service, and they are incremental, meaning that only the changes since the last snapshot are stored. This makes them efficient to use and cost-effective to store.
|
||||
Snapshots zinaweza kutumika kuunda Droplets mpya zikiwa na usanidi sawa na Droplet asilia, au kurejesha Droplet katika hali ambayo ilikuwa wakati snapshot ilipofanywa. Snapshots zinahifadhiwa kwenye huduma ya uhifadhi wa vitu ya DigitalOcean, na ni za ongezeko, ikimaanisha kuwa mabadiliko pekee tangu snapshot ya mwisho yanahifadhiwa. Hii inafanya kuwa rahisi kuzitumia na gharama nafuu kuzihifadhi.
|
||||
|
||||
On the other hand, a backup is a complete copy of a Droplet, including the operating system, installed applications, files, and data, as well as the Droplet's settings and metadata. Backups are typically performed on a regular schedule, and they capture the entire state of a Droplet at a specific point in time.
|
||||
Kwa upande mwingine, backup ni nakala kamili ya Droplet, ikiwa ni pamoja na mfumo wa uendeshaji, programu zilizowekwa, faili, na data, pamoja na mipangilio na metadata ya Droplet. Backups kwa kawaida hufanywa kwa ratiba ya kawaida, na zinachukua hali nzima ya Droplet katika wakati maalum.
|
||||
|
||||
Unlike snapshots, backups are stored in a compressed and encrypted format, and they are transferred off of DigitalOcean's infrastructure to a remote location for safekeeping. This makes backups ideal for disaster recovery, as they provide a complete copy of a Droplet that can be restored in the event of data loss or other catastrophic events.
|
||||
Kinyume na snapshots, backups zinahifadhiwa katika muundo wa kubana na kuandikwa, na zinahamishwa kutoka kwenye miundombinu ya DigitalOcean kwenda mahali mbali kwa ajili ya usalama. Hii inafanya backups kuwa bora kwa urejeleaji wa majanga, kwani zinatoa nakala kamili ya Droplet ambayo inaweza kurejeshwa katika tukio la kupoteza data au matukio mengine mabaya.
|
||||
|
||||
In summary, snapshots are point-in-time copies of a Droplet's disk, while backups are complete copies of a Droplet, including its settings and metadata. Snapshots are stored on DigitalOcean's object storage service, while backups are transferred off of DigitalOcean's infrastructure to a remote location. Both snapshots and backups can be used to restore a Droplet, but snapshots are more efficient to use and store, while backups provide a more comprehensive backup solution for disaster recovery.
|
||||
Kwa muhtasari, snapshots ni nakala za wakati wa Droplet's disk, wakati backups ni nakala kamili ya Droplet, ikiwa ni pamoja na mipangilio na metadata yake. Snapshots zinahifadhiwa kwenye huduma ya uhifadhi wa vitu ya DigitalOcean, wakati backups zinahamishwa kutoka kwenye miundombinu ya DigitalOcean kwenda mahali mbali. Snapshots na backups zote zinaweza kutumika kurejesha Droplet, lakini snapshots ni rahisi kuzitumia na kuzihifadhi, wakati backups zinatoa suluhisho la kina zaidi la backup kwa urejeleaji wa majanga.
|
||||
|
||||
</details>
|
||||
|
||||
### Authentication
|
||||
|
||||
For authentication it's possible to **enable SSH** through username and **password** (password defined when the droplet is created). Or **select one or more of the uploaded SSH keys**.
|
||||
Kwa uthibitisho inawezekana **kuwezesha SSH** kupitia jina la mtumiaji na **nenosiri** (nenosiri lililofafanuliwa wakati droplet inaundwa). Au **chagua moja au zaidi ya funguo za SSH zilizopakiwa**.
|
||||
|
||||
### Firewall
|
||||
|
||||
> [!CAUTION]
|
||||
> By default **droplets are created WITHOUT A FIREWALL** (not like in oder clouds such as AWS or GCP). So if you want DO to protect the ports of the droplet (VM), you need to **create it and attach it**.
|
||||
> Kwa default **droplets zinaundwa BILA FIREWALL** (sio kama katika mawingu mengine kama AWS au GCP). Hivyo kama unataka DO kulinda bandari za droplet (VM), unahitaji **kuunda na kuunganisha**.
|
||||
|
||||
More info in:
|
||||
Maelezo zaidi katika:
|
||||
|
||||
{{#ref}}
|
||||
do-networking.md
|
||||
{{#endref}}
|
||||
|
||||
### Enumeration
|
||||
|
||||
```bash
|
||||
# VMs
|
||||
doctl compute droplet list # IPs will appear here
|
||||
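Review bot: In the backup paragraph, "stored in a compressed and encrypted format" becomes "muundo wa kubana na kuandikwa", where "kuandikwa" reads as "written", not "encrypted". The overview page in this commit uses "usimbaji" for encryption, so use a form of that word here; otherwise the stated difference between snapshots and backups drops the encryption property. The first added line also carries over the broken bold from the source, "v**irtual private server (VPS)**"; move the opening ** before the "v".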
@@ -68,18 +67,13 @@ doctl compute certificate list
|
||||
# Snapshots
|
||||
doctl compute snapshot list
|
||||
```
|
||||
|
||||
> [!CAUTION]
|
||||
> **Droplets have metadata endpoints**, but in DO there **isn't IAM** or things such as role from AWS or service accounts from GCP.
|
||||
> **Droplets zina metadata endpoints**, lakini katika DO **hakuna IAM** au mambo kama role kutoka AWS au service accounts kutoka GCP.
|
||||
|
||||
### RCE
|
||||
|
||||
With access to the console it's possible to **get a shell inside the droplet** accessing the URL: **`https://cloud.digitalocean.com/droplets/<droplet-id>/terminal/ui/`**
|
||||
Kwa kupata ufikiaji wa console inawezekana **kupata shell ndani ya droplet** kwa kufikia URL: **`https://cloud.digitalocean.com/droplets/<droplet-id>/terminal/ui/`**
|
||||
|
||||
It's also possible to launch a **recovery console** to run commands inside the host accessing a recovery console in **`https://cloud.digitalocean.com/droplets/<droplet-id>/console`**(but in this case you will need to know the root password).
|
||||
Pia inawezekana kuzindua **recovery console** ili kuendesha amri ndani ya mwenyeji kwa kufikia recovery console katika **`https://cloud.digitalocean.com/droplets/<droplet-id>/console`**(lakini katika kesi hii utahitaji kujua nenosiri la root).
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
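Review bot: The translated recovery-console sentence keeps the source's missing space between the closing `**` after the console URL and "(lakini", so the parenthesis renders glued to the URL. Add the space in the new line, and fix the English source the same way so a later sync does not reintroduce it.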
@@ -4,37 +4,32 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
DigitalOcean Functions, also known as "DO Functions," is a serverless computing platform that lets you **run code without having to worry about the underlying infrastructure**. With DO Functions, you can write and deploy your code as "functions" that can be **triggered** via **API**, **HTTP requests** (if enabled) or **cron**. These functions are executed in a fully managed environment, so you **don't need to worry** about scaling, security, or maintenance.
|
||||
DigitalOcean Functions, pia inajulikana kama "DO Functions," ni jukwaa la kompyuta lisilo na seva linalokuruhusu **kukimbia msimbo bila kuwa na wasiwasi kuhusu miundombinu ya msingi**. Kwa DO Functions, unaweza kuandika na kupeleka msimbo wako kama "functions" ambazo zinaweza **kuanzishwa** kupitia **API**, **maombi ya HTTP** (ikiwa imewezeshwa) au **cron**. Hizi functions zinafanywa katika mazingira yanayosimamiwa kikamilifu, hivyo **huhitaji kuwa na wasiwasi** kuhusu kupanua, usalama, au matengenezo.
|
||||
|
||||
In DO, to create a function first you need to **create a namespace** which will be **grouping functions**.\
|
||||
Inside the namespace you can then create a function.
|
||||
Katika DO, ili kuunda function kwanza unahitaji **kuunda namespace** ambayo itakuwa **ikikundi cha functions**.\
|
||||
Ndani ya namespace unaweza kisha kuunda function.
|
||||
|
||||
### Triggers
|
||||
|
||||
The way **to trigger a function via REST API** (always enabled, it's the method the cli uses) is by triggering a request with an **authentication token** like:
|
||||
|
||||
Njia ya **kuanzisha function kupitia REST API** (daima imewezeshwa, ndiyo njia ambayo cli inatumia) ni kwa kuanzisha ombi lenye **token ya uthibitishaji** kama:
|
||||
```bash
|
||||
curl -X POST "https://faas-lon1-129376a7.doserverless.co/api/v1/namespaces/fn-c100c012-65bf-4040-1230-2183764b7c23/actions/functionname?blocking=true&result=true" \
|
||||
-H "Content-Type: application/json" \
|
||||
-H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="
|
||||
-H "Content-Type: application/json" \
|
||||
-H "Authorization: Basic MGU0NTczZGQtNjNiYS00MjZlLWI2YjctODk0N2MyYTA2NGQ4OkhwVEllQ2t4djNZN2x6YjJiRmFGc1FERXBySVlWa1lEbUxtRE1aRTludXA1UUNlU2VpV0ZGNjNqWnVhYVdrTFg="
|
||||
```
|
||||
|
||||
To see how is the **`doctl`** cli tool getting this token (so you can replicate it), the **following command shows the complete network trace:**
|
||||
|
||||
Ili kuona jinsi zana ya **`doctl`** cli inavyopata token hii (ili uweze kuiga), **amri ifuatayo inaonyesha alama kamili ya mtandao:**
|
||||
```bash
|
||||
doctl serverless connect --trace
|
||||
```
|
||||
|
||||
**When HTTP trigger is enabled**, a web function can be invoked through these **HTTP methods GET, POST, PUT, PATCH, DELETE, HEAD and OPTIONS**.
|
||||
**Wakati kipengele cha HTTP kimewezeshwa**, kazi ya wavuti inaweza kuitwa kupitia hizi **mbinu za HTTP GET, POST, PUT, PATCH, DELETE, HEAD na OPTIONS**.
|
||||
|
||||
> [!CAUTION]
|
||||
> In DO functions, **environment variables cannot be encrypted** (at the time of this writing).\
|
||||
> I couldn't find any way to read them from the CLI but from the console it's straight forward.
|
||||
> Katika DO functions, **mabadiliko ya mazingira hayawezi kufichwa** (wakati wa kuandika hii).\
|
||||
> Sikuweza kupata njia yoyote ya kuyasoma kutoka CLI lakini kutoka kwenye console ni rahisi.
|
||||
|
||||
**Functions URLs** look like this: `https://<random>.doserverless.co/api/v1/web/<namespace-id>/default/<function-name>`
|
||||
**URLs za Functions** zinaonekana kama hii: `https://<random>.doserverless.co/api/v1/web/<namespace-id>/default/<function-name>`
|
||||
|
||||
### Enumeration
|
||||
|
||||
```bash
|
||||
# Namespace
|
||||
doctl serverless namespaces list
|
||||
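Review bot: The translated caution renders "environment variables cannot be encrypted" as "mabadiliko ya mazingira hayawezi kufichwa", which reads as "environment changes cannot be hidden"; both the noun and the verb lose the point that function environment variables cannot be encrypted. Keep "environment variables" as a technical term or use a proper equivalent, and use a word for encryption rather than hiding. Separately, the rewritten curl header lines still carry a full literal `Authorization: Basic` value; since those lines are being touched anyway, replace it with an obvious placeholder.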
@@ -53,12 +48,7 @@ doctl serverless activations result <activation-id> # get only the response resu
|
||||
|
||||
# I couldn't find any way to get the env variables form the CLI
|
||||
```
|
||||
|
||||
> [!CAUTION]
|
||||
> There **isn't metadata endpoint** from the Functions sandbox.
|
||||
> Hakuna **metadata endpoint** kutoka kwenye Functions sandbox.
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -4,20 +4,14 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
DigitalOcean Images are **pre-built operating system or application images** that can be used to create new Droplets (virtual machines) on DigitalOcean. They are similar to virtual machine templates, and they allow you to **quickly and easily create new Droplets with the operating system** and applications that you need.
|
||||
DigitalOcean Images ni **picha za mfumo wa uendeshaji au programu zilizojengwa awali** ambazo zinaweza kutumika kuunda Droplets mpya (mashine za virtual) kwenye DigitalOcean. Zinashabihiana na templeti za mashine za virtual, na zinakuwezesha **kuunda Droplets mpya kwa haraka na kwa urahisi na mfumo wa uendeshaji** na programu unazohitaji.
|
||||
|
||||
DigitalOcean provides a wide range of Images, including popular operating systems such as Ubuntu, CentOS, and FreeBSD, as well as pre-configured application Images such as LAMP, MEAN, and LEMP stacks. You can also create your own custom Images, or use Images from the community.
|
||||
DigitalOcean inatoa aina mbalimbali za Images, ikiwa ni pamoja na mifumo maarufu ya uendeshaji kama Ubuntu, CentOS, na FreeBSD, pamoja na picha za programu zilizowekwa awali kama LAMP, MEAN, na LEMP stacks. Unaweza pia kuunda picha zako za kawaida, au kutumia picha kutoka kwa jamii.
|
||||
|
||||
When you create a new Droplet on DigitalOcean, you can choose an Image to use as the basis for the Droplet. This will automatically install the operating system and any pre-installed applications on the new Droplet, so you can start using it right away. Images can also be used to create snapshots and backups of your Droplets, so you can easily create new Droplets from the same configuration in the future.
|
||||
Unapounda Droplet mpya kwenye DigitalOcean, unaweza kuchagua Image kutumia kama msingi wa Droplet. Hii itasakinisha kiotomatiki mfumo wa uendeshaji na programu zozote zilizowekwa awali kwenye Droplet mpya, ili uweze kuanza kuitumia mara moja. Images zinaweza pia kutumika kuunda snapshots na backups za Droplets zako, ili uweze kwa urahisi kuunda Droplets mpya kutoka kwa usanidi sawa katika siku zijazo.
|
||||
|
||||
### Enumeration
|
||||
|
||||
```
|
||||
doctl compute image list
|
||||
```
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
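Review bot: In the second translated paragraph, "custom Images" becomes "picha zako za kawaida", and "za kawaida" means ordinary or usual, which is the opposite of what the English says about user-built images. Use a wording that conveys user-defined images, or keep "custom Images" untranslated. The hunk also alternates between "Images" and "picha" for the same product term within a single sentence; settle on one.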
@@ -6,15 +6,14 @@
|
||||
|
||||
### DigitalOcean Kubernetes (DOKS)
|
||||
|
||||
DOKS is a managed Kubernetes service offered by DigitalOcean. The service is designed to **deploy and manage Kubernetes clusters on DigitalOcean's platform**. The key aspects of DOKS include:
|
||||
DOKS ni huduma ya Kubernetes inayosimamiwa inayotolewa na DigitalOcean. Huduma hii imeundwa ili **kupeleka na kusimamia makundi ya Kubernetes kwenye jukwaa la DigitalOcean**. Vipengele muhimu vya DOKS ni pamoja na:
|
||||
|
||||
1. **Ease of Management**: The requirement to set up and maintain the underlying infrastructure is eliminated, simplifying the management of Kubernetes clusters.
|
||||
2. **User-Friendly Interface**: It provides an intuitive interface that facilitates the creation and administration of clusters.
|
||||
3. **Integration with DigitalOcean Services**: It seamlessly integrates with other services provided by DigitalOcean, such as Load Balancers and Block Storage.
|
||||
4. **Automatic Updates and Upgrades**: The service includes the automatic updating and upgrading of clusters to ensure they are up-to-date.
|
||||
1. **Urahisi wa Usimamizi**: Hitaji la kuanzisha na kudumisha miundombinu ya msingi limeondolewa, na hivyo kurahisisha usimamizi wa makundi ya Kubernetes.
|
||||
2. **Kiolesura Rafiki kwa Mtumiaji**: Inatoa kiolesura kinachoweza kueleweka ambacho kinasaidia katika kuunda na kusimamia makundi.
|
||||
3. **Ushirikiano na Huduma za DigitalOcean**: Inajumuisha kwa urahisi na huduma nyingine zinazotolewa na DigitalOcean, kama vile Load Balancers na Block Storage.
|
||||
4. **Misasisho na Uboreshaji wa Otomati**: Huduma hii inajumuisha masasisho na uboreshaji wa otomatiki wa makundi ili kuhakikisha yanakuwa ya kisasa.
|
||||
|
||||
### Connection
|
||||
|
||||
```bash
|
||||
# Generate kubeconfig from doctl
|
||||
doctl kubernetes cluster kubeconfig save <cluster-id>
|
||||
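Review bot: List item 4 of the translated feature list spells the same words two ways on one line: "**Misasisho na Uboreshaji wa Otomati**" in the bold label versus "masasisho na uboreshaji wa otomatiki" in the sentence that follows. Align the label with the body ("Masasisho", "Otomatiki") so the item reads consistently.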
@@ -22,9 +21,7 @@ doctl kubernetes cluster kubeconfig save <cluster-id>
|
||||
# Use a kubeconfig file that you can download from the console
|
||||
kubectl --kubeconfig=/<pathtodirectory>/k8s-1-25-4-do-0-ams3-1670939911166-kubeconfig.yaml get nodes
|
||||
```
|
||||
|
||||
### Enumeration
|
||||
|
||||
### Uhesabuzi
|
||||
```bash
|
||||
# Get clusters
|
||||
doctl kubernetes cluster list
|
||||
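Review bot: This hunk renames the heading "### Enumeration" to "### Uhesabuzi", while the Droplets, Functions, Images and Spaces pages in the same commit leave "### Enumeration" in English. Translated headings also change the generated anchor, so any existing deep link to this section stops resolving. Either keep section headings untranslated across all pages or translate them everywhere with one agreed term.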
@@ -35,9 +32,4 @@ doctl kubernetes cluster node-pool list <cluster-id>
|
||||
# Get DO resources used by the cluster
|
||||
doctl kubernetes cluster list-associated-resources <cluster-id>
|
||||
```
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -2,48 +2,34 @@
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
### Domains
|
||||
|
||||
### Majina ya Kikoa
|
||||
```bash
|
||||
doctl compute domain list
|
||||
doctl compute domain records list <domain>
|
||||
# You can also create records
|
||||
```
|
||||
|
||||
### Reserverd IPs
|
||||
|
||||
### IP zilizohifadhiwa
|
||||
```bash
|
||||
doctl compute reserved-ip list
|
||||
doctl compute reserved-ip-action unassign <ip>
|
||||
```
|
||||
|
||||
### Load Balancers
|
||||
|
||||
### Mizani ya Mzigo
|
||||
```bash
|
||||
doctl compute load-balancer list
|
||||
doctl compute load-balancer remove-droplets <id> --droplet-ids 12,33
|
||||
doctl compute load-balancer add-forwarding-rules <id> --forwarding-rules entry_protocol:tcp,entry_port:3306,...
|
||||
```
|
||||
|
||||
### VPC
|
||||
|
||||
```
|
||||
doctl vpcs list
|
||||
```
|
||||
|
||||
### Firewall
|
||||
|
||||
> [!CAUTION]
|
||||
> By default **droplets are created WITHOUT A FIREWALL** (not like in oder clouds such as AWS or GCP). So if you want DO to protect the ports of the droplet (VM), you need to **create it and attach it**.
|
||||
|
||||
> Kwa default **droplets zinaundwa BILA FIREWALL** (sio kama katika mawingu mengine kama AWS au GCP). Hivyo kama unataka DO kulinda bandari za droplet (VM), unahitaji **kuunda na kuunganisha**.
|
||||
```bash
|
||||
doctl compute firewall list
|
||||
doctl compute firewall list-by-droplet <droplet-id>
|
||||
doctl compute firewall remove-droplets <fw-id> --droplet-ids <droplet-id>
|
||||
```
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
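Review bot: The headings in this hunk are translated unevenly: "### Domains", "### Reserverd IPs" and "### Load Balancers" become "### Majina ya Kikoa", "### IP zilizohifadhiwa" and "### Mizani ya Mzigo", while "### VPC" and "### Firewall" stay in English. "Load Balancers" is a DigitalOcean product name that the Kubernetes and Spaces pages in this commit keep untranslated in running text, so "Mizani ya Mzigo" will not match what readers see in the console or in `doctl compute load-balancer`. Keep product names and section headings in English, or apply one glossary to every page.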
@@ -4,8 +4,8 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
> project is just a container for all the **services** (droplets, spaces, databases, kubernetes...) **running together inside of it**.\
|
||||
> For more info check:
|
||||
> mradi ni chombo tu kwa ajili ya **huduma** (droplets, spaces, databases, kubernetes...) **zinazoendesha pamoja ndani yake**.\
|
||||
> Kwa maelezo zaidi angalia:
|
||||
|
||||
{{#ref}}
|
||||
../do-basic-information.md
|
||||
@@ -13,15 +13,9 @@
|
||||
|
||||
### Enumeration
|
||||
|
||||
It's possible to **enumerate all the projects a user have access to** and all the resources that are running inside a project very easily:
|
||||
|
||||
Inawezekana **kuhesabu miradi yote ambayo mtumiaji ana ufikiaji nayo** na rasilimali zote zinazotembea ndani ya mradi kwa urahisi sana:
|
||||
```bash
|
||||
doctl projects list # Get projects
|
||||
doctl projects resources list <proj-id> # Get all the resources of a project
|
||||
```
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
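Review bot: The translated sentence uses "kuhesabu" for "enumerate" and "zinazotembea" for "running", which read as "count" and "walking"; the reader is told they can count projects and see resources that walk inside them. The Basic Information hunk of this same file already uses "zinazoendesha" for running services, so reuse that, and choose a verb for enumerate that means listing rather than counting.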
@@ -4,23 +4,22 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
DigitalOcean Spaces are **object storage services**. They allow users to **store and serve large amounts of data**, such as images and other files, in a scalable and cost-effective way. Spaces can be accessed via the DigitalOcean control panel, or using the DigitalOcean API, and are integrated with other DigitalOcean services such as Droplets (virtual private servers) and Load Balancers.
|
||||
DigitalOcean Spaces ni **huduma za uhifadhi wa vitu**. Zinawaruhusu watumiaji **kuhifadhi na kuhudumia kiasi kikubwa cha data**, kama picha na faili nyingine, kwa njia inayoweza kupanuka na yenye gharama nafuu. Spaces zinaweza kufikiwa kupitia paneli ya kudhibiti ya DigitalOcean, au kwa kutumia API ya DigitalOcean, na zimeunganishwa na huduma nyingine za DigitalOcean kama Droplets (seva binafsi za virtual) na Load Balancers.
|
||||
|
||||
### Access
|
||||
|
||||
Spaces can be **public** (anyone can access them from the Internet) or **private** (only authorised users). To access the files from a private space outside of the Control Panel, we need to generate an **access key** and **secret**. These are a pair of random tokens that serve as a **username** and **password** to grant access to your Space.
|
||||
Spaces zinaweza kuwa **za umma** (mtu yeyote anaweza kuzifikia kutoka kwenye Mtandao) au **za faragha** (watumiaji walioidhinishwa tu). Ili kufikia faili kutoka kwenye nafasi ya faragha nje ya Paneli ya Kudhibiti, tunahitaji kuunda **funguo ya ufikiaji** na **siri**. Hizi ni jozi ya alama za nasibu zinazotumika kama **jina la mtumiaji** na **nenosiri** ili kutoa ufikiaji kwa Space yako.
|
||||
|
||||
A **URL of a space** looks like this: **`https://uniqbucketname.fra1.digitaloceanspaces.com/`**\
|
||||
Note the **region** as **subdomain**.
|
||||
**URL ya nafasi** inaonekana kama hii: **`https://uniqbucketname.fra1.digitaloceanspaces.com/`**\
|
||||
Kumbuka **eneo** kama **subdomain**.
|
||||
|
||||
Even if the **space** is **public**, **files** **inside** of it can be **private** (you will be able to access them only with credentials).
|
||||
Hata kama **nafasi** ni **ya umma**, **faili** **ndani** yake zinaweza kuwa **za faragha** (utaweza kuzifikia tu kwa kutumia akidi).
|
||||
|
||||
However, **even** if the file is **private**, from the console it's possible to share a file with a link such as `https://fra1.digitaloceanspaces.com/uniqbucketname/filename?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=DO00PL3RA373GBV4TRF7%2F20221213%2Ffra1%2Fs3%2Faws4_request&X-Amz-Date=20221213T121017Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=6a183dbc42453a8d30d7cd2068b66aeb9ebc066123629d44a8108115def975bc` for a period of time:
|
||||
Hata hivyo, **hata** kama faili ni **ya faragha**, kutoka kwenye console inawezekana kushiriki faili kwa kiungo kama `https://fra1.digitaloceanspaces.com/uniqbucketname/filename?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=DO00PL3RA373GBV4TRF7%2F20221213%2Ffra1%2Fs3%2Faws4_request&X-Amz-Date=20221213T121017Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=6a183dbc42453a8d30d7cd2068b66aeb9ebc066123629d44a8108115def975bc` kwa kipindi fulani:
|
||||
|
||||
<figure><img src="../../../images/image (277).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
### Enumeration
|
||||
|
||||
```bash
|
||||
# Unauthenticated
|
||||
## Note how the region is specified in the endpoint
|
||||
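Review bot: In the line about private files inside a public space, "credentials" is translated as "akidi", which means quorum, so the access requirement the sentence is meant to state is lost. Use a term for login credentials or keep "credentials" in English. The hunk also switches between "nafasi" and "Space" for the product name ("**URL ya nafasi**" versus "Space yako"); keep "Space" throughout so it matches the console.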
@@ -42,9 +41,4 @@ aws s3 ls --endpoint=https://fra1.digitaloceanspaces.com s3://uniqbucketname
|
||||
|
||||
## It's also possible to generate authorized access to buckets from the API
|
||||
```
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -4,16 +4,10 @@
|
||||
|
||||
## Basic Information
|
||||
|
||||
DigitalOcean volumes are **block storage** devices that can be **attached to and detached from Droplets**. Volumes are useful for **storing data** that needs to **persist** independently of the Droplet itself, such as databases or file storage. They can be resized, attached to multiple Droplets, and snapshot for backups.
|
||||
DigitalOcean volumes ni **vifaa vya uhifadhi wa block** ambavyo vinaweza **kuunganishwa na kutenganishwa na Droplets**. Volumes ni muhimu kwa **kuhifadhi data** ambayo inahitaji **kuendelea** bila kujali Droplet yenyewe, kama vile hifadhidata au uhifadhi wa faili. Vinaweza kubadilishwa ukubwa, kuunganishwa na Droplets nyingi, na kuchukuliwa picha kwa ajili ya nakala za akiba.
|
||||
|
||||
### Enumeration
|
||||
|
||||
```
|
||||
compute volume list
|
||||
```
|
||||
|
||||
{{#include ../../../banners/hacktricks-training.md}}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
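Review bot: The enumeration block left as context in this hunk reads `compute volume list` with no `doctl` prefix and an unlabelled fence, unlike the other service pages in this commit. The translation does not touch it, but the command will not run as written; fix it in the English source as `doctl compute volume list` with a `bash` fence so the translated copies inherit the correction.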