gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-02-05 11:26:11 -08:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['src/README.md', 'src/banners/hacktricks-training.md', 'src/

Browse Source
This commit is contained in:
Translator
2024-12-31 20:24:43 +00:00
parent 10e2881a9b
commit 9ce07d92a3
245 changed files with 9883 additions and 12659 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/pentesting-cloud/aws-security/aws-services/aws-codebuild-enum.md
View File

@@ -4,30 +4,29 @@
## CodeBuild
AWS **CodeBuild** is recognized as a **fully managed continuous integration service**. The primary purpose of this service is to automate the sequence of compiling source code, executing tests, and packaging the software for deployment purposes. The predominant benefit offered by CodeBuild lies in its ability to alleviate the need for users to provision, manage, and scale their build servers. This convenience is because the service itself manages these tasks. Essential features of AWS CodeBuild encompass:
AWS **CodeBuild** se prepoznaje kao **potpuno upravljana usluga kontinuirane integracije**. Primarna svrha ove usluge je automatizacija sekvence kompajliranja izvornog koda, izvršavanja testova i pakovanja softvera za svrhe implementacije. Dominantna prednost koju nudi CodeBuild leži u njegovoj sposobnosti da olakša korisnicima potrebu za obezbeđivanjem, upravljanjem i skaliranjem svojih build servera. Ova pogodnost je rezultat toga što sama usluga upravlja tim zadacima. Osnovne karakteristike AWS CodeBuild obuhvataju:
1. **Managed Service**: CodeBuild manages and scales the build servers, freeing users from server maintenance.
2. **Continuous Integration**: It integrates with the development and deployment workflow, automating the build and test phases of the software release process.
3. **Package Production**: After the build and test phases, it prepares the software packages, making them ready for deployment.
1. **Upravljana usluga**: CodeBuild upravlja i skalira build servere, oslobađajući korisnike od održavanja servera.
2. **Kontinuirana integracija**: Integrira se sa razvojnim i implementacionim radnim tokom, automatizujući faze build-a i testiranja procesa objavljivanja softvera.
3. **Proizvodnja paketa**: Nakon faza build-a i testiranja, priprema softverske pakete, čineći ih spremnim za implementaciju.
AWS CodeBuild seamlessly integrates with other AWS services, enhancing the CI/CD (Continuous Integration/Continuous Deployment) pipeline's efficiency and reliability.
AWS CodeBuild se besprekorno integriše sa drugim AWS uslugama, poboljšavajući efikasnost i pouzdanost CI/CD (Kontinuirana integracija/Kontinuirana implementacija) lanca.
### **Github/Gitlab/Bitbucket Credentials**
### **Github/Gitlab/Bitbucket akreditivi**
#### **Default source credentials**
#### **Podrazumevani izvorni akreditivi**
This is the legacy option where it's possible to configure some **access** (like a Github token or app) that will be **shared across codebuild projects** so all the projects can use this configured set of credentials.
Ovo je opcija iz nasleđa gde je moguće konfigurisati neki **pristup** (kao što je Github token ili aplikacija) koji će biti **deljen između codebuild projekata** tako da svi projekti mogu koristiti ovaj konfigurisani set akreditiva.
The stored credentials (tokens, passwords...) are **managed by codebuild** and there isn't any public way to retrieve them from AWS APIs.
Skladišteni akreditivi (tokeni, lozinke...) su **upravljao codebuild** i ne postoji javni način da se oni dobiju iz AWS API-ja.
#### Custom source credential
#### Prilagođeni izvorni akreditiv
Depending on the repository platform (Github, Gitlab and Bitbucket) different options are provided. But in general, any option that requires to **store a token or a password will store it as a secret in the secrets manager**.
U zavisnosti od platforme repozitorijuma (Github, Gitlab i Bitbucket) pružaju se različite opcije. Ali generalno, svaka opcija koja zahteva **smeštanje tokena ili lozinke će je sačuvati kao tajnu u menadžeru tajni**.
This allows **different codebuild projects to use different configured accesses** to the providers instead of just using the configured default one.
To omogućava **različitim codebuild projektima da koriste različite konfigurisane pristupe** provajderima umesto da koriste samo konfigurisani podrazumevani.
### Enumeration
```bash
# List external repo creds (such as github tokens)
## It doesn't return the token but just the ARN where it's located
@@ -48,10 +47,9 @@ aws codebuild list-build-batches-for-project --project-name <p_name>
aws codebuild list-reports
aws codebuild describe-test-cases --report-arn <ARN>
```
### Privesc
In the following page, you can check how to **abuse codebuild permissions to escalate privileges**:
Na sledećoj stranici možete proveriti kako da **zloupotrebite dozvole za codebuild da biste eskalirali privilegije**:
{{#ref}}
../aws-privilege-escalation/aws-codebuild-privesc.md
@@ -74,7 +72,3 @@ In the following page, you can check how to **abuse codebuild permissions to esc
- [https://docs.aws.amazon.com/managedservices/latest/userguide/code-build.html](https://docs.aws.amazon.com/managedservices/latest/userguide/code-build.html)
{{#include ../../../banners/hacktricks-training.md}}