Librarium
Settings

CyberSecLabs - Potato - Windows [Walkthrough]

PinkDraconian
technologyaccountadminboxcmdcodecomctfcyberseclabsdebugescalationexploitexploitationftpgithubhackhackingjuicypotatolinpeasmachinenishangnmappasswordpermissionspotatopowershellprivilegereversereverse shellrootrottenpotatoshellsudowinpeas

ā–¶ļø YouTube: https://www.youtube.com/c/PinkDraconian šŸ¦ Twitter: https://twitter.com/PinkDraconian šŸŽµ TikTok: https://www.tiktok.com/@pinkdraconian ā„¹ļø LinkedIn: https://www.linkedin.com/in/robbe-van-roey-365666195/ šŸ“ž Discord: PinkDraconian#9907 šŸ“· Instagram: https://www.instagram.com/robbevanroey/ šŸ•øļø Website: http://pinkdraconian.d4rkc0de.com/ šŸ‘Øā€šŸ’» HackTheBox: https://www.hackthebox.eu/home/users/profile/129531 Twitter: https://twitter.com/PinkDraconian Discord: PinkDraconian#9907 Website: http://pinkdraconian.d4rkc0de.com/

Platform: CyberSecLabs

Platform Link: https://www.cyberseclabs.co.uk/

Category: Machine

OS: Windows

Challenge name: Potato

Difficulty: 1/10

00:00 Introduction 00:08 Nmap scan 00:15 Looking at port 8080, running Jenkins 00:27 Admin admin credentials work on the Jenkins website 00:45 Checking hacktricks for Jenkins code exec 01:05 Getting code exec in jenkins through the groovy script console 01:45 Running a powershell reverse shell using iwr 02:41 Using a nishang oneliner shell: https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcpOneLine.ps1 04:40 Upgrading shell to meterpreter 05:56 SeImpersonatePrivilege escalation through JuicyPotato ... https://www.youtube.com/watch?v=xUHFQsncsyc

2021-12-15
0.0 LBC
Copyrighted (contact publisher)

98200984 Bytes