Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
For more information about Artifact Registry check:
{% content-ref url="../gcp-services/gcp-artifact-registry-enum.md" %} gcp-artifact-registry-enum.md {% endcontent-ref %}
- What happens if a remote and a standard repositories are mixed in a virtual one and a package exists in both?
- The one with the highest priority set in the virtual repository is used
- If the priority is the same:
- If the version is the same, the policy name alphabetically first in the virtual repository is used
- If not, the highest version is used
{% hint style="danger" %} Therefore, it's possible to abuse a highest version (dependency confusion) in a public package registry if the remote repository has a higher or same priority {% endhint %}
This technique can be useful for persistence and unauthenticated access as to abuse it it just require to know a library name stored in Artifact Registry and create that same library in the public repository (PyPi for python for example) with a higher version.
For persistence these are the steps you need to follow:
- Requirements: A virtual repository must exist and be used, an internal package with a name that doesn't exist in the public repository must be used.
- Create a remote repository if it doesn't exist
- Add the remote repository to the virtual repository
- Edit the policies of the virtual registry to give a higher priority (or same) to the remote repository.
Run something like: - Download the legit package, add your malicious code and register it in the public repository with the same version. Every time a developer installs it, he will install yours!
For more information about dependency confusion check:
{% embed url="https://book.hacktricks.xyz/pentesting-web/dependency-confusion" %}
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.