Scenario 9 - codebuild_secrets
git clone https://github.com/RhinoSecurityLabs/cloudgoat.git
cd cloudgoat
chmod +x cloudgoat.py
./cloudgoat.py config whitelist --auto
./cloudgoat.py create codebuild_secrets
Scenario Resources
1 CodeBuild Project
1 Lambda function
1 VPC with:
- RDS x 1
- EC2 x 1
2 IAM Users
Scenario Start(s)
IAM User “Solo”
Scenario Goal(s)
A pair of secret strings stored in a secure RDS database.
Summary
Starting as the IAM user Solo, the attacker first enumerates and explores CodeBuild projects, finding unsecured IAM keys for the IAM user Calrissian therein. Then operating as Calrissian, the attacker discovers an RDS database. Unable to access the database’s contents directly, the attacker can make clever use of the RDS snapshot functionality to acquire the scenario’s goal: a pair of secret strings.
Alternatively, the attacker may explore SSM parameters and find SSH keys to an EC2 instance. Using the metadata service, the…
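The first path in the summary works because IAM keys sit in a CodeBuild project where any user who can read the project can see them. The following audit check is an added example, not part of the original write-up or of CloudGoat. It assumes the keys are stored as plaintext environment variables, and it flags such variables in JSON shaped like the output of `aws codebuild batch-get-projects`. The project names, variable names and sample document are constructed, and the key pair is the placeholder pair from AWS documentation.

```python
import json
import re

# Constructed sample shaped like `aws codebuild batch-get-projects` output.
# Names are invented; the key pair is the AWS documentation placeholder.
SAMPLE = json.loads("""
{"projects": [
  {"name": "example-build",
   "environment": {"environmentVariables": [
     {"name": "DEPLOY_AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE", "type": "PLAINTEXT"},
     {"name": "DEPLOY_AWS_SECRET_ACCESS_KEY", "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "type": "PLAINTEXT"},
     {"name": "BUILD_STAGE", "value": "test", "type": "PLAINTEXT"},
     {"name": "DB_PASSWORD", "value": "/example/db/password", "type": "PARAMETER_STORE"}
   ]}},
  {"name": "example-clean", "environment": {"environmentVariables": []}}
]}
""")

# Long-term (AKIA) and temporary (ASIA) access key ID formats.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Variable names that usually indicate a credential.
SECRET_NAME = re.compile(r"secret|passw|token|access.?key|private.?key", re.I)


def audit_projects(doc):
    """Return (project, variable, reason) for each plaintext variable that looks like a credential."""
    findings = []
    for project in doc.get("projects", []):
        env = project.get("environment", {})
        for var in env.get("environmentVariables", []):
            # A missing type means PLAINTEXT; PARAMETER_STORE and
            # SECRETS_MANAGER hold a reference, not the secret itself.
            if var.get("type", "PLAINTEXT") != "PLAINTEXT":
                continue
            if KEY_ID.search(var.get("value", "")):
                reason = "value matches AWS access key ID format"
            elif SECRET_NAME.search(var.get("name", "")):
                reason = "name suggests a secret"
            else:
                continue
            # Report the location only, never the value itself.
            findings.append((project["name"], var["name"], reason))
    return findings


if __name__ == "__main__":
    for project, name, reason in audit_projects(SAMPLE):
        print(f"{project}: {name}: {reason} (value not printed)")
```

Variables flagged this way belong in Parameter Store or Secrets Manager, or are better replaced by permissions on the CodeBuild service role so that no long-term keys are needed.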