Context

The objective of this room is to exploit a misconfigured Jenkins instance to gain an initial foothold, and then escalate privileges on a Windows system by abusing authentication tokens.

Starting hypothesis

This lab highlights two key real-world attack paths:

• Abuse of weak/default credentials on exposed services
• Privilege escalation via Windows token impersonation

Method / Used Tools

Initial Access

The first step consists of performing a full port scan to identify exposed services:

nmap-A-p-10.130.155.102--min-rate10000-Pn

The scan reveals three open ports:

• 80 (HTTP – IIS 7.5) → no useful content
• 3389 (RDP) → not directly exploitable
• 8080 (HTTP – Jetty) → interesting target

Accessing port 8080 exposes a Jenkins login panel. Since Jenkins is often misconfigured, checking default credentials is a common and effective approach.

A quick search suggests default credentials:

• username: admin
• password: admin

This works, giving full access to the Jenkins dashboard.