CVE-2014-2064 PoC — CloudBees Jenkins 安全漏洞

Source

Associated Vulnerability

Title:CloudBees Jenkins 安全漏洞 (CVE-2014-2064)
Description:CloudBees Jenkins是美国CloudBees公司的一款基于Java开发的开源的、可持续集成的自动化服务器，它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。LTS（Long-Term Support）是CloudBees Jenkins的一个长期支持版本。 CloudBees Jenkins 1.551之前版本和LTS 1.532.2之前版本的hudson/security/HudsonPrivateSecurityRealm.java文件中的‘loadUserByUserna

Description

Reproducible exploits for: CVE-2016-1240 CVE-2008-2938 CVE-2014-2064 CVE-2014-1904

Readme

# [Offensive technologies course](https://securitylab.disi.unitn.it/doku.php?id=course_on_offensive_technologies)

This repository contains descriptions of several vulnerabilities and the code that exploits them.

Exploitable environments can be found in `/dockerfiles/victim` folder. Attacker environments can be found in `/dockerfiles/attacker` folder. Everything comes as Docker images.

Exploited CVEs:
* CVE-2008-2938 (Tomcat path traversal)
* CVE-2014-1904 (Spring path traversal)
* CVE-2014-2064 (Jenkins information disclosure)
* CVE-2016-1240 (Tomcat privilege escalation)

For each vulnerability a shell is uploaded on the victim server, infecting each webpage in order to include an [exploit kit](https://www.f-secure.com/en/web/labs_global/exploit-kits)

File Snapshot


 [4.0K]  /data/pocs/626cfcf182ac1e087fb302c57a5e03e05ed0ea08
├── [4.0K]  descriptions
│   ├── [4.0K]  CVE-2008-2370 Tomcat Path Traversal
│   │   ├── [ 977]  CVE20082370.java
│   │   └── [ 724]  README.md
│   ├── [4.0K]  CVE-2008-2938 Tomcat Full Path Traversal
│   │   └── [ 916]  README.md
│   ├── [4.0K]  CVE-2011-0013 Tomcat administrator XSS
│   │   └── [1.9K]  README.md
│   ├── [4.0K]  CVE-2014-1904 Spring XSS
│   │   └── [4.2K]  README.md
│   ├── [4.0K]  CVE-2014-2064 Jenkins Information Disclosure
│   │   └── [1.3K]  README.md
│   └── [4.0K]  CVE-2016-1240 Tomcat Privilege Escalation
│       ├── [1.7K]  README.md
│       └── [6.9K]  tomcat-rootprivesc-deb.sh
├── [4.0K]  dockerfiles
│   ├── [4.0K]  Attacker
│   │   ├── [4.0K]  Metasploit
│   │   │   ├── [  92]  build.sh
│   │   │   └── [4.0K]  msf
│   │   │       └── [4.0K]  pathTraversal
│   │   │           ├── [  16]  after.rc
│   │   │           ├── [ 744]  arguments.py
│   │   │           ├── [ 773]  compromise.py
│   │   │           ├── [ 226]  database.py
│   │   │           ├── [ 121]  deploy.rc
│   │   │           ├── [ 325]  deploy.sh
│   │   │           ├── [  25]  escalate.rc
│   │   │           ├── [1.4K]  exploit.py
│   │   │           ├── [ 426]  injectExampleFile.sh
│   │   │           ├── [ 708]  injectPrivileged.rb
│   │   │           ├── [ 826]  inject.rb
│   │   │           ├── [ 569]  injectWithPriv.sh
│   │   │           ├── [ 195]  output.py
│   │   │           ├── [  32]  runInject.rb
│   │   │           ├── [ 807]  traversal.py
│   │   │           ├── [1000]  uploadShell.rb
│   │   │           └── [  20]  uploadShell.rc
│   │   ├── [4.0K]  Node
│   │   │   ├── [ 142]  build.sh
│   │   │   ├── [ 552]  Dockerfile
│   │   │   └── [4.0K]  shared
│   │   │       ├── [7.1K]  brute.js
│   │   │       ├── [ 990]  buildInjectFile.js
│   │   │       ├── [ 276]  config.json
│   │   │       ├── [ 424]  infect.sh
│   │   │       ├── [ 335]  package.json
│   │   │       └── [ 705]  secure.js
│   │   └── [ 589]  README.md
│   └── [4.0K]  Victim
│       ├── [4.0K]  Java1.5.05
│       │   └── [1.2K]  Dockerfile
│       ├── [4.0K]  Jenkins1.503
│       │   ├── [ 208]  build.sh
│       │   ├── [2.6K]  Dockerfile
│       │   ├── [ 327]  init.groovy
│       │   ├── [5.8K]  install-plugins.sh
│       │   ├── [1.2K]  jenkins.sh
│       │   ├── [4.9K]  jenkins-support
│       │   └── [3.8K]  plugins.sh
│       ├── [4.0K]  Jenkins1.531
│       │   ├── [ 185]  build.sh
│       │   ├── [2.8K]  Dockerfile
│       │   ├── [ 327]  init.groovy
│       │   ├── [5.8K]  install-plugins.sh
│       │   ├── [1.2K]  jenkins.sh
│       │   ├── [4.9K]  jenkins-support
│       │   └── [3.8K]  plugins.sh
│       ├── [ 613]  README.md
│       ├── [4.0K]  Spring4.0.1
│       │   ├── [ 196]  build.sh
│       │   ├── [ 310]  config.xml
│       │   ├── [1.0K]  Dockerfile
│       │   ├── [3.9M]  springapp401-1.0-SNAPSHOT.war
│       │   ├── [ 374]  tomcat-users.xml
│       │   └── [6.4K]  web.xml
│       ├── [4.0K]  Spring4.1.1
│       │   ├── [ 175]  build.sh
│       │   ├── [ 310]  config.xml
│       │   ├── [1018]  Dockerfile
│       │   ├── [4.0K]  shared
│       │   │   └── [ 218]  watchdog.sh
│       │   ├── [4.2M]  springapp411-1.0-SNAPSHOT.war
│       │   ├── [ 374]  tomcat-users.xml
│       │   ├── [ 218]  watchdog.sh
│       │   └── [6.4K]  web.xml
│       ├── [4.0K]  Tomcat6.0.1
│       │   ├── [ 190]  build.sh
│       │   ├── [ 348]  context.xml
│       │   ├── [1.1K]  Dockerfile
│       │   ├── [ 100]  init.sh
│       │   ├── [5.0K]  server.xml
│       │   └── [ 374]  tomcat-users.xml
│       ├── [4.0K]  Tomcat6.0.16
│       │   ├── [ 174]  build.sh
│       │   ├── [ 348]  context.xml
│       │   ├── [1.2K]  Dockerfile
│       │   ├── [ 100]  init.sh
│       │   ├── [5.0K]  server.xml
│       │   └── [ 374]  tomcat-users.xml
│       ├── [4.0K]  Tomcat6.0.39
│       │   ├── [ 204]  build.sh
│       │   ├── [ 643]  Dockerfile
│       │   └── [4.0K]  shared
│       │       └── [ 416]  own.c
│       └── [4.0K]  Tomcat7.0.68
│           ├── [ 204]  build.sh
│           ├── [ 712]  Dockerfile
│           ├── [4.0K]  shared
│           │   ├── [ 416]  own.c
│           │   └── [ 262]  test.sh
│           └── [ 374]  tomcat-users.xml
├── [ 765]  README.md
└── [4.0K]  Slides
    ├── [1.6M]  Exploits Presentation Part 1.pptx
    ├── [1.4M]  Exploits Presentation Part 2.pptx
    ├── [1.4M]  Final presentation.pptx
    └── [197K]  Vulnerabilities Presentation.pptx

28 directories, 90 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!