New Series

Pipeline Breach

Five targets inside a leaky CI/CD pipeline. Exposed git history, environment files, a misconfigured registry, an artifact server with live backups, and a Jenkins-sim you can walk right into.

Git Exposure Env File Leak Registry Misconfig Artifact Leak CI/CD RCE

5 Machines

Free No Paywall

DevOps Focus

0/5 Online Now

The Machines

Five pipeline stages. Each one leaking credentials.

Machine 01 Offline

Pipeline Git

Git Exposure

The .git/ directory is served publicly. Reconstruct the repo, run git log — credentials were committed then deleted. Deletion does not mean gone.

Flask /health returns os.environ as JSON. The nginx config also serves /.env directly. Two paths to the same secret. Check both.

Unauthenticated Docker registry stub. /v2/_catalog lists images. Pull the layer blobs — the image was built with SSH creds in an ENV directive.

The artifact server's backup.tar.gz is world-readable. Extract it, find the SSH private key the build process left in the archive. Unintentional but common.

☠ Series Finale

Jenkins-sim Flask app with admin:admin default credentials. The /ci/execute endpoint runs shell commands as www-data. Enumerate, escalate, own the runner.

🐀🐀🐀🐀 Hard

Attack Chain

Recommended order of attack.

Start Here

Machine 01

Pipeline Git

Git Exposure

→

Machine 02

Pipeline Env

Env Leak

→

Machine 03

Pipeline Registry

Registry

→

Machine 04

Pipeline Artifact

Artifact

→

Machine 05

Pipeline Runner

CI/CD RCE

Ready to breach the pipeline?

Five DevOps misconfigs. Five credential leaks. Real-world CI/CD attack surface in one series.

Create Free Account Browse All Challenges →

Launching 4 July 2026 — DevSecOps series covering CI/CD attack surface and supply chain risks.