Object
Object
Object 447
Object
RETIRED MACHINE

Object

Object - Windows Windows
Object - Hard Hard

4.9

MACHINE RATING

849

USER OWNS

716

SYSTEM OWNS

28/02/2022

RELEASED
Created by MrR3boot

Machine Synopsis

Object is a hard Windows machine running Jenkins automation server. The automation server is found to have registration enabled and the registered user can create builds. Builds can be triggered remotely by configuring an api token. Foothold is obtained by decrypting the Jenkins secrets. The foothold user is found to have `ForceChangePassword` permissions on another user called `smith`. This privilege abuse allows us to gain access to `smith`. `smith` has `GenericWrite` permissions on `maria`. Abusing this privilege allows us to gain access to the server as this user. `maria` has `WriteOwner` permissions on `Domain Admins` group, whose privileges we exploit to get a SYSTEM shell.

Machine Matrix

Ready to start your
hacking journey?