PoC details: 95f38158f59126677f1c2e2feba13d9df2200b87

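Source
Related vulnerability
Title: CloudBees Jenkins security vulnerability (CVE-2018-1000861)
Description: CloudBees Jenkins (formerly Hudson Labs) is a Java-based continuous integration tool from the US company CloudBees, used mainly to monitor continuous software release/test projects and certain scheduled tasks. LTS (Long-Term Support) is a long-term support release of CloudBees Jenkins. In CloudBees Jenkins 2.153 and earlier and LTS 2.138.3 and earlier, stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.jav
Description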
CVE-2018-1000861 Exploit
Introduction
# CVE-2018-1000861
Simple script to exploit CVE-2018-1000861, written in Python 3

### Usage:

```
usage: exploit.py [-h] -u URL [-c CMD] [-r] [-i IP] [-p PORT] [-v]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target Jenkins server
  -c CMD, --cmd CMD     Command to execute
  -r, --revshell        Execute reverse shell
  -i IP, --ip IP        IP address for reverse shell callback
  -p PORT, --port PORT  Port for reverse shell callback
  -v, --verbose         Verbose output
```

### Ex:
```
python exploit.py -u http://192.168.1.20 -c 'ping 192.168.1.10'
```

### Notes:
- This tool does not attempt to verify the target is vulnerable. All it does is shove a shell command into a Java class.
- Shell commands executed will not return output. You'll need to either have a method of verifying that the command executed (e.g. ping + tcpdump) or use a reverse shell
- This vulnerability affects both Linux and Windows installs of Jenkins where the . You should attempt to verify target OS prior to executing this (such as through ICMP TTL or available services)
- The script *should* work for both Linux and Windows
- The reverse shell module (`-r`, `-i`, `-p` options) isn't implemented
- Use responsibly

### TODO:
- [ ] Platform specific reverse shell modules
- [ ] Vuln identification
- [ ] Verbosity with vuln identification

### Refs:
- Credit to [Orange Tsai](https://twitter.com/orange_8361)
- https://github.com/orangetw/awesome-jenkins-rce-2019
- https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
- https://twitter.com/orange_8361/status/1075492505657925632
File snapshot

```
[4.0K] /data/pocs/95f38158f59126677f1c2e2feba13d9df2200b87
├── [2.2K] exploit.py
└── [1.6K] README.md

0 directories, 2 files
```