Info@NationalCyberSecurity

Hacking Butler. Machine: Butler | by Rahul Ravishankar | Jan, 2024


We start by opening the webpage

We can try brute forcing this login page with the help of Burp Suite

We can then send this information to the Repeater and Intruder

Although we could try different usernames and passwords one at a time in the Repeater, that would take forever, so we use Intruder instead and set up our attack

Looking at the results of the attack, we can spot a change on request 12, which returns a session ID, so we can try logging in with that information

Using the username and password we were able to brute force, we are now an authenticated user

While exploring Jenkins we see that we can use a “Script Console” tool

We can look up possible exploits related to Groovy that we could run here

Using the following GitHub link we can open up a Groovy reverse shell

https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76

Before we run the script we need to set up a listener on port 8044 and edit parts of the script to fit our setup

Hitting Run, we see that we are logged in as the user Butler
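From the defender's side, the Jenkins steps above leave a clear trace in the access log: a burst of POSTs to the form-login endpoint from one client, followed by a POST to the Script Console. The following detector is an added example, not code from the original post; it parses NCSA-style access-log lines (the sample lines are constructed) and assumes the real Jenkins paths /j_acegi_security_check, /script and /scriptText.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Jenkins form-login endpoint and Script Console paths (real Jenkins URLs).
LOGIN_PATH = "/j_acegi_security_check"
SCRIPT_PATHS = ("/script", "/scriptText")
# NCSA-style access log line, as Jenkins' embedded Winstone/Jetty server can write.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return (ip, timestamp, method, path) or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?")[0]

def detect(lines, threshold=10, window=timedelta(minutes=1)):
    """Flag (a) >= threshold login POSTs from one IP inside `window` (Intruder-style
    guessing) and (b) any POST to the Script Console, which runs arbitrary Groovy."""
    logins = defaultdict(list)
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method == "POST" and path == LOGIN_PATH:
            logins[ip].append(ts)
        elif method == "POST" and path in SCRIPT_PATHS:
            alerts.append(("script_console", ip, path))
    for ip, stamps in logins.items():
        stamps.sort()
        start, best = 0, 0
        for end, ts in enumerate(stamps):  # sliding window over sorted timestamps
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append(("login_burst", ip, best))
    return alerts

# Constructed sample: 12 login POSTs from one client within 33 s, then a Script Console POST.
SAMPLE = [f'10.0.0.5 - - [15/Jan/2024:10:00:{i:02d} +0000] "POST /j_acegi_security_check HTTP/1.1" 302 0'
          for i in range(0, 36, 3)]
SAMPLE += ['10.0.0.9 - - [15/Jan/2024:10:00:10 +0000] "GET /login HTTP/1.1" 200 2311',
           '10.0.0.5 - - [15/Jan/2024:10:01:20 +0000] "POST /script HTTP/1.1" 200 4120']
```

Running `detect(SAMPLE)` yields one script_console alert and one login_burst alert for 10.0.0.5; the unrelated GET from 10.0.0.9 produces nothing.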

We can look more into the system to see if there is anything else we can abuse

Since this is a Windows machine, let’s download the tool “winPEAS” and place it in our transfer folder

https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS

Let’s host the transfer folder so we can run winPEAS on the Butler machine

Going back to the machine, let’s move to a directory where we can write

Let’s now grab the winpeas.exe file

After confirming it transferred successfully, we can execute it

Looking through the results, we see this possible exploitation method

Let’s now generate some malware that can hopefully get us a root shell

We then open a netcat listener on port 7777

Let’s start hosting the transfer folder once again

We need to go to the “Program Files” directory to find the folder containing the original Wise.exe

We can then transfer the file over

Before we execute Wise.exe, we need to stop the currently running process called “WiseBootAssistant” and start it again so that it runs our version of Wise.exe

Going back to our netcat listener, we see that we got a shell back as SYSTEM!
