Privilage Escalation using Feature Abuse

Tags:privilage-escalation Related to: Active-Directorycrtp See also: Index: 🗂️ Index of CRTP

Summary

We can locally escalate privilages by exploiting features of popular enterprise appilications

Jenkins

  • CI tools are usually useful for our purpose - they have ability to run OS level commands
  • Jenkins is widely used CI tool
  • They usually run with local admin privilages
  • We can look at users and get info on build executer
  • There is no brute force protection in Jenkins if it is not integrated with other mechanisms such as Azure AD.
  • Jenkins provides script console to admin at /script
  • We can run arbritary commands
  • If we dont have admin access we can check if accounts have configure access to configure a build in some project - by which we can run OS level commands and windows batch commands
  • We can reorder build steps to make our script run first before others if build is successful
References (optional )