devops

The Best Butler Writeup

Nahamcon 2025

Solved by thewhiteh4t

We get a Jenkins dashboard in this challenge. Jenkins is a very popular open source automation server used in DevOps infrastructure.

Fingerprinting

Jenkins version 2.332.2 is visible in the footer. We can easily find vulnerabilities for this version:

Multiple vulnerabilities in Jenkins and Jenkins LTS

Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
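From the defender's side, the same fingerprint can be checked against the affected range quoted above. The sketch below is an added example, not part of the original writeup or of the Jenkins project; it assumes two-part versions are weekly releases and three-part versions are LTS, and the inventory names are constructed. Versions are compared numerically, since a string comparison would wrongly rank 2.99 above 2.441.

```python
import re

# Last affected releases, taken from the advisory text quoted above.
WEEKLY_LAST_AFFECTED = (2, 441)
LTS_LAST_AFFECTED = (2, 426, 2)


def parse_version(text):
    """Return ints for 'X.Y' (weekly) or 'X.Y.Z' (LTS), or None if unparsable."""
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not match:
        return None
    return tuple(int(part) for part in match.groups() if part is not None)


def is_affected(version_text):
    """True or False for a parsable version, None when it cannot be judged."""
    version = parse_version(version_text)
    if version is None:
        return None  # custom or snapshot build: needs manual review
    if len(version) == 3:
        return version <= LTS_LAST_AFFECTED
    return version <= WEEKLY_LAST_AFFECTED


def audit(inventory):
    """Map each controller name to 'affected', 'ok' or 'unknown'."""
    labels = {True: "affected", False: "ok", None: "unknown"}
    return {name: labels[is_affected(ver)] for name, ver in inventory.items()}


# Constructed inventory: hypothetical controller names with footer versions.
SAMPLE = {
    "challenge": "2.332.2",        # the version seen in this writeup
    "weekly-edge": "2.441",
    "weekly-next": "2.442",
    "lts-edge": "2.426.2",
    "lts-next": "2.426.3",
    "custom-build": "2.450-SNAPSHOT",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:14} {SAMPLE[name]:16} {status}")
```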

Working exploit PoC: CVE-2024-23897

We can simply run the Python file and provide the challenge URL as an argument to leak sensitive data from the endpoint.

Key Learning and Takeaways

  • Fingerprinting: It’s the first step in finding known weaknesses. Always look for version numbers on any service you encounter; more fingerprinting means easier pwning later.
  • Proof-of-Concepts (PoCs) are Your Best Friend: People like you and me love making PoCs for exploits, and they help a lot at work as well as in CTFs. This also highlights how quickly an attacker can leverage publicly known vulnerabilities once they’ve identified the software version.
  • TLDR: Keep all software up to date everywhere, especially in a DevOps environment!
Published on : 31 May 2025