TryHackMe 2023 Advent of Cyber Day 21: DevSecOps — Yule be Poisoned: A Pipeline of Insecure Code!
What Linux kernel version is the Jenkins node?
Once we log in with admin:admin, we are brought to the following screen
Let’s go into the build > pipeline > main
Now let’s log into Gitea
From our Kali terminal, we will clone the repo
Let’s change our sh command to uname -a
When trying to push to the repo, we get an error
Let’s git clone the other repo
Let’s cat out the Makefile and the file referenced within it: to_pip.sh
Looks like we can just modify the Makefile
No errors this time
Back within Jenkins, we need to go to the git-wrapper-pipeline and initiate a build
Answer: 5.4.0-1029-aws
What value is found from /var/lib/jenkins/secret.key?
Let’s modify the Makefile again so we can cat out the contents of this file
Let’s run a new Build
Answer: 90e748eafdd2af4746a5ef7941e63272f24f1e33a2882f614ebfa6742e772ba7
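
Both answers came from editing a Makefile that the Jenkins build runs, after the push to the first repo was rejected. The following is an added example, not part of the original write-up or the room's code: a gate a pipeline could run before `make`, which refuses to build when the Makefile or any shell script it references differs from a reviewed SHA-256 manifest. The manifest location, function names and sample file contents are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original write-up). Pipeline gate to run before `make`.
# Assumption: the manifest lives outside the repo being built (for example on the
# Jenkins controller) in sha256sum format: "<hash>  <relative path>".

# verify_build_files REPO_DIR MANIFEST
# 0 = Makefile and every .sh file it names are pinned and unchanged
# 1 = a build file is unpinned, missing or modified; 2 = bad arguments
verify_build_files() {
    _repo=$1; _manifest=$2
    [ -f "$_repo/Makefile" ] && [ -f "$_manifest" ] || return 2
    # What the build will execute: the Makefile plus shell scripts it references.
    _scripts=$(grep -oE '[A-Za-z0-9_./-]+\.sh' "$_repo/Makefile" | sed 's|^\./||' | sort -u)
    for f in Makefile $_scripts; do
        pinned=$(awk -v p="$f" '$2 == p { print $1 }' "$_manifest")
        [ -n "$pinned" ] || { echo "unpinned build file: $f" >&2; return 1; }
        [ -f "$_repo/$f" ] || { echo "missing build file: $f" >&2; return 1; }
        actual=$(sha256sum "$_repo/$f" | awk '{ print $1 }')
        [ "$pinned" = "$actual" ] || { echo "modified build file: $f" >&2; return 1; }
    done
}

# Constructed sample repo (file contents are made up for the demo).
make_sample_repo() {
    dir=$(mktemp -d)
    printf 'install:\n\t./to_pip.sh\n' > "$dir/Makefile"
    printf '#!/bin/sh\necho "packaging"\n' > "$dir/to_pip.sh"
    echo "$dir"
}

demo_repo=$(make_sample_repo)
demo_manifest=$(mktemp)
# Pin the reviewed state of the build files.
( cd "$demo_repo" && sha256sum Makefile to_pip.sh ) > "$demo_manifest"

verify_build_files "$demo_repo" "$demo_manifest" && echo "reviewed state: build allowed"
printf '\tuname -a\n' >> "$demo_repo/Makefile"   # unreviewed recipe change
verify_build_files "$demo_repo" "$demo_manifest" || echo "changed Makefile: build blocked"
rm -rf "$demo_repo" "$demo_manifest"
```

The check only helps if the manifest and the gate itself are out of reach of anyone who can push to the repo being built.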