Ansible
General
Inventory File (controlled machines):
Ansible's SSH key is usually accepted on controlled machines (usually with sudo/root privileges).
Run Commands on inventory machines:
"Become" can be used to su to a specific user (default is root).
Exposed credentials
Grep for:
Encrypted vault passwords can be cracked with ansible2john and hashcat with type 16900.
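A defender-side version of this check, as an added example that is not from the original page: it scans inventory and vars text for Ansible's password variables and reports each as plaintext, templated or vault-encrypted without echoing the value. The file names, hosts and sample contents are constructed; a vault-encrypted file is reported as such because it is only as strong as its vault password.

```python
import re
# Ansible connection / privilege-escalation password variables.
CRED = re.compile(
    r"\b(ansible_(?:password|ssh_pass|become_pass(?:word)?))\s*[:=]\s*"
    r"(\"[^\"]*\"|'[^']*'|\{\{.*?\}\}|\S+)?")

def classify(value):
    """Classify a value without ever returning the secret itself."""
    value = (value or "").strip("\"'")
    if not value:
        return None                    # key with no value on this line
    if value.startswith("!vault"):
        return "vault-inline"          # encrypted with ansible-vault encrypt_string
    if "{{" in value:
        return "templated"             # indirection; real value lives elsewhere
    return "plaintext"

def audit(source, text):
    """Return (source, line, variable, kind) for each credential variable."""
    lines = text.splitlines()
    if lines and lines[0].startswith("$ANSIBLE_VAULT;"):
        return [(source, 1, None, "vault-file")]
    findings = []
    for number, line in enumerate(lines, 1):
        for match in CRED.finditer(line):
            kind = classify(match.group(2))
            if kind:
                findings.append((source, number, match.group(1), kind))
    return findings

# Constructed sample inputs (hypothetical hosts, placeholder values).
INVENTORY = """\
[web]
web01 ansible_host=192.0.2.10 ansible_user=deploy ansible_password=ExamplePlain1
web02 ansible_host=192.0.2.11 ansible_user=deploy ansible_password={{ vault_web02 }}
"""
GROUP_VARS = """\
ansible_become_pass: "{{ vault_become }}"
ansible_ssh_pass: ExamplePlain2
ansible_become_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
"""
VAULT_FILE = "$ANSIBLE_VAULT;1.1;AES256\n0000constructedplaceholder0000\n"

if __name__ == "__main__":
    for name, text in (("hosts.ini", INVENTORY), ("group_vars/all.yml", GROUP_VARS),
                       ("secrets.yml", VAULT_FILE)):
        for finding in audit(name, text):
            print(finding)
```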
Misc
Check for exposed credentials in syslog
Check for playbook backups
Playbooks
Write authorized_keys file via playbook:
Run shell commands: