all InfoSec news
HackTheBox - Builder
Feb. 12, 2024, 8:03 p.m. | IppSec
IppSec www.youtube.com
00:45 - Start of nmap
01:45 - Looking at Jenkins Advisory 3314 (CVE-2024-23897), which has a File Read vulnerability in the CLI. Then downloading the Jar
03:00 - Explaining the Vulnerability with a quick demo
06:00 - Creating a really nasty bash script to fuzz many of the Jenkins Paramaters to see which produce the most number of lines
13:45 - Script working, discovering which commands let us export the entire passwd file
15:00 - Using docker …
advisory bash bash script builder cli cve cve-2024-23897 demo file fuzz hackthebox introduction jar jenkins nmap script start vulnerability
More from www.youtube.com / IppSec
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC