Tips on Jenkins Security Testing
Today Mickey Niu sent an article about hacking Jenkins, which was very useful. Although it is not very deep, after reading several related articles the key points are recorded here as notes for future security tests.

Article links:
http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html
http://www.labofapenetrationtester.com/2014/06/hacking-jenkins-servers.html
https://www.pentestgeek.com/2014/06/13/hacking-jenkins-servers-with-no-password/

Tool links:
https://wiki.jenkins-ci.org/display/JENKINS/Terminal+Plugin
https://github.com/samratashok/nishang
http://www.rapid7.com/db/modules/exploit/multi/http/jenkins_script_console
https://wiki.skullsecurity.org/Passwords

Key points of the articles. After reading several of them, they come down to a few points:

1. The built-in Groovy script console can execute commands:

    // Buffers that collect the command's stdout and stderr
    def sout = new StringBuffer(), serr = new StringBuffer()
    // Run the command as the user the Jenkins process runs as
    def proc = '[INSERT COMMAND]'.execute()
    proc.consumeProcessOutput(sout, serr)
    // Wait up to 1000 ms, then kill the process
    proc.waitForOrKill(1000)
    println "out> $sout err> $serr"

2. Powerful PowerShell scripts can be used; nishang is a collection of PowerShell scripts.

3. When we cannot enter the script console to execute a script, the following methods can be used.

A. The Jenkins directories leak information about development users:
List of users: http://[jenkinsurl]/asynchPeople/
List of all builds: http://[jenkinsurl]/view/All/builds (seems to be fixed in the latest version, 1.575)
List of publicly available content: http://[jenkinsurl]/userContent/
Type of the operating system: http://[jenkinsurl]/computer/

B. Attackers can obtain users with the build job permission through brute-force password cracking, and then execute relevant commands.
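As a defender's counterpart to points 1 and 3, the sketch below (an added example, not taken from the linked articles) scans a combined-format access log, such as one written by a reverse proxy in front of Jenkins, for anonymous reads of the listed paths, repeated failed logins and script-console requests. The log lines, the threshold, the /loginError and /script paths, and Jenkins being served at the URL root are assumptions of this example.

```python
import re
from collections import defaultdict

# Combined log format: client IP, auth user, method, path, status.
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Paths the notes list as readable without logging in.
ENUM_PATHS = ("/asynchPeople", "/view/All/builds", "/userContent", "/computer")
LOGIN_ERROR = "/loginError"           # assumption: failed logins land here
CONSOLE = ("/script", "/scriptText")  # assumption: script console paths

def analyse(lines, threshold=5):
    """Return {ip: set of findings}; threshold is a constructed default."""
    failures = defaultdict(int)
    findings = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, user, _method, path, status = m.groups()
        path = path.split("?", 1)[0]
        # Anonymous visitor was served one of the information-leaking pages.
        if user == "-" and status == "200" and path.startswith(ENUM_PATHS):
            findings[ip].add("anonymous-enumeration")
        # Many failed logins from one address suggest password guessing.
        if path.startswith(LOGIN_ERROR):
            failures[ip] += 1
            if failures[ip] >= threshold:
                findings[ip].add("password-guessing")
        # Any successful script-console request is worth reviewing by name.
        if path.rstrip("/") in CONSOLE and status == "200":
            findings[ip].add("script-console:" + user)
    return dict(findings)

TS = "[13/Jun/2014:10:00:00 +0000]"
# Constructed sample log lines (documentation IP ranges, made-up user).
SAMPLE_LOG = [
    f'203.0.113.7 - - {TS} "GET /asynchPeople/ HTTP/1.1" 200 5120 "-" "-"',
    f'203.0.113.7 - - {TS} "GET /computer/ HTTP/1.1" 200 2048 "-" "-"',
    f'198.51.100.9 - - {TS} "GET /asynchPeople/ HTTP/1.1" 403 310 "-" "-"',
    f'198.51.100.4 - alice {TS} "POST /script HTTP/1.1" 200 900 "-" "-"',
] + [f'203.0.113.7 - - {TS} "GET /loginError HTTP/1.1" 200 700 "-" "-"'] * 6

if __name__ == "__main__":
    for ip, found in sorted(analyse(SAMPLE_LOG).items()):
        print(ip, sorted(found))
```

A 403 on the listed paths, as in the third sample line, is what an instance with anonymous read access disabled should return, so it produces no finding.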