Builder is a neat box focused on a recent Jenkins vulnerability, CVE-2024-23897. It allows for partial file read and can lead to remote code execution. I’ll show how to exploit the vulnerability, explore methods to get the most of a file possible, find a password hash for the admin user and crack it to get access to Jenkins. From in Jenkins, I’ll find a saved SSH key and show three paths to recover it. First, dumping an encrypted version from the admin panel. Second, using it to SSH into the host and finding a copy there. And third by having the pipeline leak the key back to me.

0xdf hacks stuff

HTB: Builder is a post about exploiting a recent Jenkins vulnerability (CVE-2024-23897) to achieve remote code execution and gain access to the Jenkins server. The post covers the recon process, enumeration, authentication, file read, enumeration, password cracking, and SSH key recovery.