hacktricks-cloud/pentesting-cloud/digital-ocean-pentesting

Digital Ocean Pentesting

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}

Basic Information

Before start pentesting a Digital Ocean environment there are a few basics things you need to know about how DO works to help you understand what you need to do, how to find misconfigurations and how to exploit them.

Concepts such as hierarchy, access and other basic concepts are explained in:

{% content-ref url="do-basic-information.md" %} do-basic-information.md {% endcontent-ref %}

Basic Enumeration

SSRF

{% embed url="https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf" %}

Projects

To get a list of the projects and resources running on each of them from the CLI check:

{% content-ref url="do-services/do-projects.md" %} do-projects.md {% endcontent-ref %}

Whoami

doctl account get

Services Enumeration

{% content-ref url="do-services/" %} do-services {% endcontent-ref %}

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!
• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

{% endhint %}