00:00 – Introduction
00:45 – Start of nmap
01:45 – Looking at Jenkins Advisory 3314 (CVE-2024-23897), which has a File Read vulnerability in the CLI. Then downloading the Jar
03:00 – Explaining the Vulnerability with a quick demo
06:00 – Creating a really nasty bash script to fuzz many of the Jenkins Paramaters to see which produce the most number of lines
13:45 – Script working, discovering which commands let us export the entire passwd file
15:00 – Using docker to pull the latest version of Jenkins, in order to see how it stores credentials
21:40 – Extracting the Password Hash for Jennifer and cracking it to get logged into Jenkins
24:45 – Showing Jenkins Script Console, a fun way to get code execution on Jenkins. But this isn’t the path
25:50 – Going into the Credentials Store for Jenkins, discovering a SSH Key is there. Exporting it and then using the Script Console to decrypt it
35:00 – Flailing around, trying to export all the secrets needed to decrypt the SSH Key… Don’t get it working unfortunately but thought it was good to leave in here.
01:00:36 – Exporting the SSH Key through a Jenkins Pipeline
[ad_2]
source
