HackTheBox - Builder
00:00 - Introduction
00:45 - Start of nmap
01:45 - Looking at Jenkins Advisory 3314 (CVE-2024-23897), which has a File Read vulnerability in the CLI. Then downloading the Jar
03:00 - Explaining the Vulnerability with a quick demo
06:00 - Creating a really nasty bash script to fuzz many of the Jenkins Paramaters to see which produce the most number of lines
13:45 - Script working, discovering which commands let us export the entire passwd file
15:00 - Using docker to pull the latest version of Jenkins, in order to see how it stores credentials
21:40 - Extracting the Password Hash for Jennifer and cracking it to get logged into Jenkins
24:45 - Showing Jenkins Script Console, a fun way to get code execution on Jenkins. But this isn't the path
25:50 - Going into the Credentials Store for Jenkins, discovering a SSH Key is there. Exporting it and then using the Script Console to decrypt it
35:00 - Flailing around, trying to export all the secrets needed to decrypt the SSH Key... Don't get it working unfortunately but thought it was good to leave in here.
01:00:36 - Exporting the SSH Key through a Jenkins Pipeline
Watch video HackTheBox - Builder online, duration hours minute second in high quality that is uploaded to the channel IppSec 12 February 2024. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 12,836 times and liked it 320 visitors.
