jenkins RCE

Paths and Information 2022. 10. 7. 13:18

Remote Code Execution | A Story of Simple RCE on Jenkins Instance. | by Awez Kagdi | Medium

 


Vulnerability Category: A1- Code Injection

medium.com

Abusing Jenkins Groovy Script Console to get Shell | by Nishant Sharma | Pentester Academy Blog

 


Jenkins is a leading open source automation server for deploying and automating any project.

blog.pentesteracademy.com

 

Here I have used the censys.io tool to identify the vulnerability. In the POC below you can see that in the search query I have searched for the Jenkins dashboard. In the results you will receive IPs and the technology platforms used.

 

Now you have to open the IP in the browser tab to check the Jenkins Dashboard access. As you can see we have the dashboard access without any authentication and authorization.

 

Now you have to check whether you have any other privileges to exploit this vulnerability. How to check:

  1. IP/asynchPeople
  2. IP/configure
  3. IP/configureSecurity
  4. IP/script

Description: Found a publicly accessible Jenkins instance. An attacker can execute arbitrary code.

I opened it and it was publicly accessible, and the worst part was that it didn’t have any authentication set over it. Jenkins can list all the people who have access to the Jenkins instance; /asynchPeople provides that.

/configureSecurity - for global configuration settings.

/configure - configuration mode.

/script - to execute scripts/commands.

As you can see we have access to script console to execute commands.
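
A detection-side view of the four paths listed above, as an added example that is not part of the original post: it scans reverse-proxy access-log lines for requests to those Jenkins paths that were served to addresses outside an admin network. The combined log format, the sample lines, the allowlisted network and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The four Jenkins paths the post checks; a POST to /script submits a script to run.
SENSITIVE = {"/asynchPeople": "user listing", "/configure": "system configuration",
             "/configureSecurity": "security configuration", "/script": "script console"}
# Assumption: administrators reach Jenkins only from this network.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: combined log format written by a reverse proxy in front of Jenkins.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(line):
    """Return (severity, ip, path, reason) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Drop query string and trailing slash; keep case, Jenkins paths are case-sensitive.
    path = urlsplit(m["target"]).path.rstrip("/") or "/"
    if path not in SENSITIVE:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None  # hostname or garbage in the client field
    if any(ip in net for net in ADMIN_NETS):
        return None
    status = int(m["status"])
    if 200 <= status < 300:
        sev = "critical" if path == "/script" and m["method"] == "POST" else "high"
        return sev, str(ip), path, f"{SENSITIVE[path]} served to non-admin address"
    if status in (401, 403):
        return "info", str(ip), path, f"{SENSITIVE[path]} requested, access denied"
    return None

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Oct/2022:13:01:10 +0900] "GET /asynchPeople/ HTTP/1.1" 200 5120 "-" "curl/7.85.0"
203.0.113.7 - - [07/Oct/2022:13:01:15 +0900] "GET /script HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Oct/2022:13:01:40 +0900] "POST /script HTTP/1.1" 200 9012 "-" "Mozilla/5.0"
10.20.0.15 - admin [07/Oct/2022:13:02:00 +0900] "GET /configure HTTP/1.1" 200 30211 "-" "Mozilla/5.0"
198.51.100.9 - - [07/Oct/2022:13:03:00 +0900] "GET /configureSecurity/ HTTP/1.1" 403 612 "-" "Mozilla/5.0"
198.51.100.9 - - [07/Oct/2022:13:03:05 +0900] "GET /job/build/42/console HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for sev, ip, path, reason in scan(SAMPLE_LOG):
        print(f"{sev:8} {ip:15} {path:20} {reason}")
```

A "high" or "critical" hit means the instance answered one of these pages without restricting who asked, which is the condition the post describes; the fix is on the Jenkins side (enable a security realm and remove anonymous permissions), not in the log filter.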

 

You can execute the following commands and many more if you want.

  1. "ls /".execute().text
  2. String contentRead = new File('/etc/passwd').getText('UTF-8')
 
 

You can also open a terminal. This allows you to execute commands directly, depending on the user's privileges.

 

 

wtdsoul
