HackTheBox - Builder

Uploaded By: Myvideo

Published on

23 Apr 2024

1 view

0

0 votes

0

About Share Download Add to

00:00 - Introduction 00:45 - Start of nmap 01:45 - Looking at Jenkins Advisory 3314 (CVE-2024-23897), which has a File Read vulnerability in the CLI. Then downloading the Jar 03:00 - Explaining the Vulnerability with a quick demo 06:00 - Creating a really nasty bash script to fuzz many of the Jenkins Paramaters to see which produce the most number of lines 13:45 - Script working, discovering which commands let us export the entire passwd file 15:00 - Using docker to pull the latest version of Jenkins, in order to see how it stores credentials 21:40 - Extracting the Password Hash for Jennifer and cracking it to get logged into Jenkins 24:45 - Showing Jenkins Script Console, a fun way to get code execution on Jenkins. But this isn't the path 25:50 - Going into the Credentials Store for Jenkins, discovering a SSH Key is there. Exporting it and then using the Script Console to decrypt it 35:00 - Flailing around, trying to export all the secrets needed to decrypt the SSH Key... Do

Share with your friends

Link:

Embed:

<iframe width="640" height="360" src="//myvideo.cc/embed/OWlwZ0k2MEEzQWZTNE9NWTFRbFpHMGdHYlpiRmM2djhZKytWSHYwYm1XVT0" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>

Video Size:

Custom size:

x

Autoplay video

Hide player controls

Hide resume playing

Add to Playlist:

Favorites

My Playlist

Watch Later

Решаем Тред Ариадны | TINKOFF CTF 2024 | EASY

1 week ago

00:04:06

Решаем Тред Ариадны | TINKOFF CTF 2024 | EASY

1 82%

HackTheBox - Analytics

4 weeks ago

00:32:44

HackTheBox - Analytics

1 16%

HackTheBox - Manager

4 weeks ago

00:34:38

HackTheBox - Manager

1 78%

HackTheBox - AppSanity

4 weeks ago

01:27:34

HackTheBox - AppSanity

1 13%

HackTheBox - CozyHosting

4 weeks ago

00:37:18

HackTheBox - CozyHosting

1 90%

HackTheBox - Visual

4 weeks ago

00:41:25

HackTheBox - Visual

2 19%

HackTheBox - Drive

4 weeks ago

01:46:13

HackTheBox - Drive

1 90%

HackTheBox - Builder

4 weeks ago

01:12:42

HackTheBox - Builder

1 58%

HackTheBox - Keeper

4 weeks ago

00:26:29

HackTheBox - Keeper

1 80%

HackTheBox RegistryTwo

4 weeks ago

02:06:46

HackTheBox RegistryTwo

1 42%

HackTheBox - Clicker

4 weeks ago

00:54:43

HackTheBox - Clicker

5 49%

HackTheBox - Bookworm

4 weeks ago

02:05:30

HackTheBox - Bookworm

1 6%

Прохождение #Linux-машины , сложного уровня | #HackTheBox | КАК ПРОЙТИ #

4 weeks ago

00:36:09

Прохождение #Linux-машины , сложного уровня | #HackTheBox | КАК ПРОЙТИ #

1 14%

HackTheBox - Hospital

1 month ago

01:14:43

HackTheBox - Hospital

950 33%

Best Hacking Laptop 2023

1 month ago

00:33:44

Best Hacking Laptop 2023

1 34%

Top Hacking Books for 2023

2 months ago

00:27:16

Top Hacking Books for 2023

1 23%

hack the box

2 months ago

02:00:43

hack the box

1 23%

Расследую инцидент взлома | #HackTheBox | КАК ПРОЙТИ #

2 months ago

00:20:43

Расследую инцидент взлома | #HackTheBox | КАК ПРОЙТИ #

1 23%

Прохождение Linux-машины средней сложности SANDWORM HackTheBox | КАК ПРОЙТИ

2 months ago

00:30:39

Прохождение Linux-машины средней сложности SANDWORM HackTheBox | КАК ПРОЙТИ

1 28%

Прохождение задания UNDER CONSTRUCTION на Google CTF 2023 | КАК ПРОЙТИ UNDER CONSTRUCTION GOOGLE CTF

2 months ago

00:13:24

Прохождение задания UNDER CONSTRUCTION на Google CTF 2023 | КАК ПРОЙТИ UNDER CONSTRUCTION GOOGLE CTF

1 5%

Bug Bounty Course 2024 Updated

2 months ago

11:21:04

Bug Bounty Course 2024 Updated

1 54%

George Hotz | Programming | Hack The Box | ctf practice for skill (should tomcr00se return)

4 months ago

05:30:24

George Hotz | Programming | Hack The Box | ctf practice for skill (should tomcr00se return)

3 9%

HackTheBox Zipping

4 months ago

01:02:06

HackTheBox Zipping

16 47%

HackTheBox - Sau

4 months ago

00:16:21

HackTheBox - Sau

18 17%

0 Comments

Guest