00:00 - Introduction
00:45 - Start of nmap
01:45 - Looking at Jenkins Advisory 3314 (CVE-2024-23897), which has a File Read vulnerability in the CLI. Then downloading the Jar
03:00 - Explaining the Vulnerability with a quick demo
06:00 - Creating a really nasty bash script to fuzz many of the Jenkins Paramaters to see which produce the most number of lines
13:45 - Script working, discovering which commands let us export the entire passwd file
15:00 - Using docker to pull the latest version of Jenkins, in order to see how it stores credentials
21:40 - Extracting the Password Hash for Jennifer and cracking it to get logged into Jenkins
24:45 - Showing Jenkins Script Console, a fun way to get code execution on Jenkins. But this isn't the path
25:50 - Going into the Credentials Store for Jenkins, discovering a SSH Key is there. Exporting it and then using the Script Console to decrypt it
35:00 - Flailing around, trying to export all the secrets needed to decrypt the SSH Key... Don't get it working unfortunately but thought it was good to leave in here.
01:00:36 - Exporting the SSH Key through a Jenkins Pipeline
Support the originator by clicking the read the rest link below.
