Privilage Escalation using Feature Abuse
Tags:privilage-escalation Related to: Active-Directorycrtp See also: Index: 🗂️ Index of CRTP
Summary
We can locally escalate privilages by exploiting features of popular enterprise appilications
Jenkins
- CI tools are usually useful for our purpose - they have ability to run OS level commands
- Jenkins is widely used CI tool
- They usually run with local admin privilages
- We can look at users and get info on build executer
- There is no brute force protection in Jenkins if it is not integrated with other mechanisms such as Azure AD.
- Jenkins provides script console to admin at /script
- We can run arbritary commands
- If we dont have admin access we can check if accounts have configure access to configure a build in some project - by which we can run OS level commands and windows batch commands
- We can reorder build steps to make our script run first before others if build is successful