Task 26 [Day 20] DevSecOps Advent of Frostlings


Learning Objectives

In today's task, you will:

  • Learn about poisoned pipeline execution.
  • Understand how to secure CI/CD pipelines.
  • Get an introduction to secure software development lifecycles (SSDLC) & DevSecOps.
  • Learn about CI/CD best practices.

Once the machine is up, go to http://machine_ip on your AttackBox and log in to the GitLab server using the credentials provided:

USERNAME: DelfSecOps

PASSWORD: TryHackMe!

Now open gitlab-ci.yml.

Port 9081 is mentioned in gitlab-ci.yml.


So let's take a look.


BACK TO THE QUESTIONS

  1. What is the handle of the developer responsible for the merge changes?

ANSWER

BadSecOps

  2. What port is the defaced calendar site server running on?

ANSWER

9081

  3. What server is the malicious server running on?

ANSWER

apache

  4. What message did the Frostlings leave on the defaced site?

ANSWER

frostlings rule :)

  5. What is the commit ID of the original code for the Advent Calendar site?

ANSWER

986b7407