HackTheBox - Builder
00:00 - Introduction
00:45 - Start of nmap
01:45 - Looking at Jenkins Advisory 3314 (CVE-2024-23897), which has a File Read vulnerability in the CLI. Then downloading the Jar
03:00 - Explaining the Vulnerability with a quick demo
06:00 - Creating a really nasty bash script to fuzz many of the Jenkins Paramaters to see which produce the most number of lines
13:45 - Script working, discovering which commands let us export the entire passwd file
15:00 - Using docker to pull the latest version of Jenkins, in order to see how it stores credentials
21:40 - Extracting the Password Hash for Jennifer and cracking it to get logged into Jenkins
24:45 - Showing Jenkins Script Console, a fun way to get code execution on Jenkins. But this isn't the path
25:50 - Going into the Credentials Store for Jenkins, discovering a SSH Key is there. Exporting it and then using the Script Console to decrypt it
35:00 - Flailing around, trying to export all the secrets needed to decrypt the SSH Key... Don't get it working unfortunately but thought it was good to leave in here.
01:00:36 - Exporting the SSH Key through a Jenkins Pipeline
Watch video HackTheBox - Builder online without registration, duration hours minute second in high quality. This video was added by user IppSec 12 February 2024, don't forget to share it with your friends and acquaintances, it has been viewed on our site 12,836 once and liked it 320 people.