Exploit Jenkins in the Cloud -- AWS Pentesting -- [Pwned Labs!] 

Join the Hack Smarter community: hacksmarter.org
--- In this video, I work through the "Exploit Jenkins in the Cloud" lab by Pwned Labs (pwnedlabs.io).
We get initial access by discovering a Jenkins instance with anonymous access enabled. From here, we use a custom Groovy script to write our public key to the authorized_keys file. Finally, with SSH access, we discover and decrypt AWS credentials for a privileged account.
With this privileged account, we read sensitive data (and the final flag) from an S3 Bucket.
Enjoy!
----
Join the Pwned Labs Discord: / discord