Learning Objectives
- Understand how a larger CI/CD environment operates.
- Explore indirect poisoned pipeline execution (PPE) and how it can be used to exploit Git.
- Apply CI/CD exploitation knowledge to the larger CI/CD environment.
Navigate to http://machine_ip:3000, the Gitea platform AntarctiCrafts uses for version control and development. Log in using the credentials:
guest:password123
When you have logged in successfully, you should see two repositories: gift-wrapper and gift-wrapper-pipeline.
Navigate to http://machine_ip:8080, the Jenkins platform AntarctiCrafts uses for building and automation. Log in using the credentials:
admin:admin
Once you have logged in successfully, you should see a project: gift-wrapper-build.
Now, on our local machine, open up the terminal and clone this repo:
git clone http://machine_ip:3000/McHoneyBell/gift-wrapper.git
These are the files in the gift-wrapper repo:
We need to edit the Makefile.
After modification, the Makefile should look like this:
After editing, push the repo:
git add .
git commit -m "<message here>"
git push
QUESTIONS
- What Linux kernel version is the Jenkins node?
ANSWER
5.4.0-1029-aws
- What value is found from /var/lib/jenkins/secret.key?
ANSWER
90e748eafdd2af4746a5ef7941e63272f24f1e33a2882f614ebfa6742e772ba7
Perform the same procedure to obtain the secret key: edit the Makefile, then push it.
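The Makefile edit above is indirect PPE: the pipeline definition is left alone and a file the build executes is changed instead. The following added example (not part of the original walkthrough) shows a push review check that works out which repository files a Jenkinsfile's sh steps execute and flags changes to them by non-maintainers; the Jenkinsfile contents, the scripts/package.sh path, the function names and the maintainer list are assumptions made for illustration.

```python
import re

# Constructed sample (assumption): a Jenkinsfile such as a pipeline repo might hold.
SAMPLE_JENKINSFILE = """
pipeline {
  agent any
  stages {
    stage('Build') {
      steps {
        sh 'make || true'
        sh "./scripts/package.sh --release"
      }
    }
  }
}
"""

# Build tools and the repository file each one implicitly executes.
IMPLICIT_FILES = {"make": "Makefile", "npm": "package.json", "mvn": "pom.xml"}

# Matches sh 'cmd', sh "cmd" and sh('cmd') steps on a single line.
SH_STEP = re.compile(r"""\bsh\s*\(?\s*(['"])(.+?)\1""")


def executed_files(jenkinsfile):
    """Return the repo-relative files that the pipeline's sh steps run."""
    files = set()
    for _quote, command in SH_STEP.findall(jenkinsfile):
        # Split compound commands and inspect the first word of each part.
        for part in re.split(r"&&|\|\||;|\|", command):
            words = part.split()
            if not words:
                continue
            first = words[0]
            if first in IMPLICIT_FILES:
                files.add(IMPLICIT_FILES[first])
            elif first.startswith("./"):
                files.add(first[2:])
    return files


def review_push(jenkinsfile, changed, pusher, maintainers):
    """List changed files the pipeline executes when the pusher is not a maintainer."""
    if pusher in maintainers:
        return []
    return sorted(executed_files(jenkinsfile) & set(changed))


if __name__ == "__main__":
    # Constructed push: the guest account changes Makefile and README.md.
    print(review_push(SAMPLE_JENKINSFILE, ["Makefile", "README.md"], "guest", {"McHoneyBell"}))
```

A non-empty result means the push should be held for review before the Jenkins job is allowed to build it.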