VulnHub Amaze 1 Full Walkthrough – Jenkins Groovy Exploit, Container Breakout & Lateral Movement
In this detailed walkthrough of VulnHub Amaze 1, we exploit a misconfigured Jenkins instance using a Groovy script to gain remote code execution and initial shell access. After gaining access, however, we discover we are inside a Docker container. From there, we perform internal enumeration, discover additional live containers, upload a custom Nmap binary, and pivot deeper into the internal network.

🔎 Key Topics Covered:
- Jenkins Groovy Script Console exploitation
- Remote Code Execution (RCE)
- Post-exploitation enumeration
- Docker/container identification
- Internal network discovery
- Lateral movement techniques
- Pivoting with uploaded Nmap
- Privilege escalation concepts

This lab is excellent practice for:
- OSCP preparation
- Red team skill building
- Container security understanding
- Internal network enumeration techniques

If you enjoy real-world style penetration testing walkthroughs, make sure to like, subscribe, and turn on notifications 🔔

Machine link: VulnHub – Amaze 1
Video Chapters
- 0:40 Mapping the network and scanning for open ports
- 3:35 Investigating anonymous FTP access
- 5:20 Enumerating web directories for hidden logins
- 7:30 Bypassing Jenkins security with common credentials
- 8:45 Leveraging the Jenkins script console for code execution
- 10:30 Establishing a reverse shell and assessing the environment
- 11:50 Hunting for sensitive credentials in Git history
- 13:10 Overcoming authentication challenges with discovered tokens
- 14:40 Pivoting through the internal network with custom tools
- 16:00 Mapping internal hosts and potential targets
- 17:05 Final strategy for full system compromise
Detailed Timestamps
- 0:00 Introducing the Amaze machine and the goal of Jenkins exploitation
- 0:40 Identifying the target IP address using netdiscover on the local network
- 1:20 Analyzing Nmap results to find open ports like FTP and SSH
- 3:35 Logging into the FTP service anonymously to check for file access
- 5:20 Using Nikto to enumerate web directories and discover hidden login pages
- 7:30 Gaining access to the Jenkins automation server using common default credentials
- 8:45 Utilizing the Jenkins script console to execute custom Groovy code snippets
- 9:45 Crafting a Groovy reverse shell to connect back to Kali Linux
- 10:30 Escalating to root only to find the target is a container
- 11:50 Digging through Git commit logs to find potentially sensitive authentication tokens
- 13:10 Troubleshooting bad credentials when trying to use the discovered Git token
- 14:40 Uploading a static Nmap binary for internal network host discovery scans
- 16:00 Scanning internal addresses to find the host machine and other containers
- 17:05 Reviewing theoretical lateral movement steps to fully compromise the target machine

Timestamps by StampBot 🤖 (573-vulnhub-amaze-1-full-walkthrough-jenkins-groovy-exploit-cont)