TryHackMe 2023 Advent of Cyber Day 21: DevSecOps — Yule be Poisoned: A Pipeline of Insecure Code!

Daniel Schwarzentraub
3 min read · Jan 29, 2024

What Linux kernel version is the Jenkins node?

Once we log in with admin:admin, we are brought to the following screen

Let’s go into the build > pipeline > main

Now let’s log into Gitea

From our Kali terminal, we will clone the repo

Let’s change our sh command to uname -a

When trying to push to the repo, we get an error

Let’s git clone the other repo

Let’s cat out the Makefile and the file referenced within: to_pip.sh

Looks like we can just modify the Makefile

No errors this time

Back within Jenkins, we need to go to the git-wrapper-pipeline and initiate a build

Answer: 5.4.0–1029-aws

What value is found from /var/lib/jenkins/secret.key?

Let’s modify the Makefile again so we can cat out the contents of this file

Let’s run a new Build

Answer: 90e748eafdd2af4746a5ef7941e63272f24f1e33a2882f614ebfa6742e772ba7
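
Both answers came from the same gap: the Makefile, and the to_pip.sh it references, run on the Jenkins node just like the pipeline definition does, yet only the first repo rejected our push. As an added example (not part of the original write-up or the room's code), this Python script lists every file that a Jenkinsfile's sh steps end up executing, so each one can get the same push protection and review. The Jenkinsfile and repo contents are constructed, and the function names are hypothetical.

```python
import re
import shlex
# Matches the command string of a Jenkins `sh '...'`, `sh "..."` or `sh(script: '...')` step.
SH_STEP = re.compile(r"""\bsh\s*\(?\s*(?:script\s*:\s*)?(['"]{1,3})(.+?)\1""", re.S)
INTERPRETERS = {"sh", "bash", "python", "python3"}

def executed_files(command):
    """Repo files that one shell command line (or Makefile recipe line) would run."""
    found = []
    for part in re.split(r"&&|\|\||[;|\n]", command):
        try:
            words = shlex.split(part)
        except ValueError:  # unbalanced quotes, e.g. a line inside a heredoc
            continue
        if not words:
            continue
        prog, args = words[0].lstrip("@-"), words[1:]  # @ and - are recipe prefixes
        if prog == "make":
            found.append(args[args.index("-f") + 1] if "-f" in args[:-1] else "Makefile")
        elif prog in INTERPRETERS:
            found += [a for a in args if not a.startswith("-")][:1]
        elif prog.startswith("./"):
            found.append(prog)
    return [f.removeprefix("./") for f in found]

def trust_set(jenkinsfile, repo):
    """Every file whose content ends up executing on the build node."""
    queue = [f for m in SH_STEP.finditer(jenkinsfile) for f in executed_files(m.group(2))]
    seen = ["Jenkinsfile"]
    while queue:
        path = queue.pop(0)
        if path in seen:
            continue
        seen.append(path)
        for line in repo.get(path, "").splitlines():
            # In a Makefile only tab-indented recipe lines are shell commands.
            if path.endswith("Makefile") and not line.startswith("\t"):
                continue
            queue += executed_files(line)
    return seen

def unprotected(jenkinsfile, repo, protected):
    return [p for p in trust_set(jenkinsfile, repo) if p not in protected]

# Constructed sample input (not taken from the room's repositories).
JENKINSFILE = "pipeline { agent any; stages { stage('build') { steps { sh 'make || true' } } } }"
REPO = {"Makefile": "install:\n\t./to_pip.sh\n", "to_pip.sh": "#!/bin/sh\npip install -r requirements.txt\n"}

print(unprotected(JENKINSFILE, REPO, protected={"Jenkinsfile"}))
```

Any path it prints is code the build node will run but that a contributor can change without touching the protected Jenkinsfile.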
