Jenkins Attacks
Jenkins runs on Tomcat port 8080 by default.
It also utilizes port 5000 to attach slave servers.
This port is used to communicate between masters and slaves.
Jenkins can use a local database, LDAP, Unix user database, delegate security to a servlet container, or use no authentication at all.
Administrators can also allow or disallow users from creating accounts.
Default credentials: admin:admin
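The authentication options described above can be reviewed from the defender's side in the controller's config.xml. The following Python audit is an added example, not part of the original page: it flags disabled security, open sign-up and the agent listener port. The sample XML is constructed, and treating a missing disableSignup element as open sign-up is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a Jenkins config.xml (not taken from a real host).
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>false</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>false</disableSignup>
  </securityRealm>
  <slaveAgentPort>5000</slaveAgentPort>
</hudson>
"""

def audit_jenkins_config(xml_text):
    """Return finding codes for risky authentication settings in config.xml."""
    # Jenkins writes an XML 1.1 declaration; drop it so parsing does not
    # depend on the parser's handling of that version string.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    findings = []
    # "No authentication at all": security switched off globally.
    if (root.findtext("useSecurity") or "").strip() != "true":
        findings.append("NO_AUTH")
    authz = root.find("authorizationStrategy")
    authz_class = authz.get("class", "") if authz is not None else ""
    if authz_class.endswith("$Unsecured"):
        findings.append("UNSECURED_AUTHZ")
    # Local user database with self-registration left open.
    # Assumption: a missing <disableSignup> is treated as open sign-up.
    realm = root.find("securityRealm")
    realm_class = realm.get("class", "") if realm is not None else ""
    if realm_class.endswith("HudsonPrivateSecurityRealm") and \
            (realm.findtext("disableSignup") or "").strip() != "true":
        findings.append("SIGNUP_OPEN")
        # Any self-registered account then has full control of the instance.
        if authz_class.endswith("FullControlOnceLoggedInAuthorizationStrategy"):
            findings.append("SIGNUP_GRANTS_ADMIN")
    # Agent listener: -1 means disabled, anything else is a reachable port.
    port = (root.findtext("slaveAgentPort") or "").strip()
    if port and port != "-1":
        findings.append("AGENT_PORT:" + port)
    return findings

if __name__ == "__main__":
    for finding in audit_jenkins_config(SAMPLE_CONFIG):
        print(finding)
```

An empty result means none of these settings were found; it says nothing about weak or default passwords, which have to be checked separately.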
The script console can be reached at the URL http://jenkins.inlanefreight.local:8000/script
This console allows a user to run Apache Groovy scripts, which are an object-oriented Java-compatible language.
For example, we can use the following snippet to run the id command.
There are various ways that access to the script console can be leveraged to gain a reverse shell.
We could run commands on a Windows-based Jenkins install using this snippet:
For example, using the command below or a Metasploit module.
Against a Windows host, we could attempt to add a user and connect to the host via RDP or WinRM or, to avoid making a change to the system, use a PowerShell download cradle with .
We could also use a Java reverse shell to gain command execution on a Windows host, swapping out localhost and the port for our IP address and listener port.