all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

HackTheBox - Writeup Builder [Retired]

Add to bookmarks
April 27, 2024, 4:04 p.m. | Guilherme Martins

DEV Community dev.to




Hackthebox


Neste writeup iremos explorar uma máquina linux de nível medium chamada Builder que aborda as seguintes vulnerabilidades e técnicas de exploração



  • CVE-2024-23897 (Jenkins Arbitrary File Read)

  • Sensitive Data Exposure





Recon e user flag


Iremos iniciar realizando uma varredura utilizando o nmap para visualizar as portas abertas em nosso alvo:



┌──(root㉿kali)-[/home/kali/hackthebox/machines-linux/builder]
└─# nmap -sV --open -Pn 10.129.220.88
Starting Nmap 7.93 ( https://nmap.org ) at 2024-02-13 12:15 EST
Nmap scan report for 10.129.220.88
Host is up (0.26s latency).
Not shown: 998 …

builder cve cve-2024 cve-2024-23897 cybersecurity data data exposure exposure file flag hackthebox home jenkins kali linux machines medium nmap recon root security sensitive sensitive data sensitive data exposure vulnerabilities writeup

Visit resource

More from dev.to / DEV Community

Value of Frida Dynamic Instrumentation to Cyber Community 2 hours ago | dev.to
applications attacks bolster community +20
Vulnerabilities: Cause for Concern 5 hours ago | dev.to
audit course everything fix +11
Welcome to the Exciting World of Zig! 🚀 9 hours ago | dev.to
compiler detect efficiency error +14
ID Document Recognition SDK by FacePlugin 12 hours ago | dev.to
airports banks businesses challenges +16
What Is Cross-Site Scripting (XSS) and How Does It Work? 13 hours ago | dev.to
attacks cross-site cross-site scripting (xss) attacks digital +26
6 hard truths about learning to code in 2024 15 hours ago | dev.to
article best practices career code +17
tough-cookie-2.4.3 Vulnerability issue 16 hours ago | dev.to
angular assistance cookie critical +6
Using Amazon ECR Image Scanning and AWS Security Hub for Vulnerability Management 17 hours ago | dev.to
amazon applications aspect aws +25
Understanding the Difference Between Authentication and Authorization 20 hours ago | dev.to
authentication authorization context development +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Embedded VSOC Analyst

@ Sibylline Ltd | Australia, Australia
View on infosec-jobs.com

Cloud Security Platform Engineer

@ Google | London, UK; United Kingdom
View on infosec-jobs.com

Senior Associate Cybersecurity GRC - FedRAMP

@ Workday | USA, VA, McLean
View on infosec-jobs.com

Senior Incident Response Consultant, Mandiant, Google Cloud

@ Google | Mexico; Colombia
View on infosec-jobs.com

Cyber Software Engineering, Advisor

@ Peraton | Fort Gordon, GA, United States
View on infosec-jobs.com

Cloud Security Architect (Federal)

@ Moveworks | Remote, USA
View on infosec-jobs.com
View more jobs