Pwning Jenkins - Cloud : RCE/Creds/SourceCode
Santhosh Baswa
Security @ TikTok | PEP - No Sponsorship Required | Leadership | Architect | Speaker | Python | DFIR | Threat Hunting | SIEM | Security Automation (SOAR) | R&D
Hey guys, a lot of companies use Jenkins to automate deployment of their projects/applications. This way, every action taken to update your project is synchronized, and you can also see how the deployment went.
But I thought a public Jenkins instance is very bad. A lot of people unintentionally leave their instances open to others. On most of these unintentionally exposed Jenkins instances, you are able to see the source code of their application and confidential information, including private keys for the APIs they use along with usernames and passwords for some of their services.
As security ninjas, we are all very familiar with SHODAN (the hacker search engine). First we need to find vulnerable Jenkins instances that are publicly available.
SHODAN Query: https://www.shodan.io/search?query=x-jenkins
Wow, I found 1k+ Jenkins instances that are publicly accessible. Next we need to find vulnerable Jenkins hosts (x-jenkins port:8081).
Exploitation Phase:
In this phase, once you see the web GUI, check whether you can manage the application; that already tells you what level of privilege you have.
Just go to "Manage Application" -> "Manage Plugins" -> click the "Available" tab. This lets you install any of the available plugins; install the "Terminal Plugin".
With that, we are able to get terminal access as well as access to the source code and database.
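Everything above hinges on the controller's authorization settings letting an unauthenticated visitor reach "Manage Jenkins". Here is an added example (not from the original post) that audits a Jenkins controller's config.xml offline and flags anonymous access, so an operator can catch this before a Shodan search does. The config.xml elements and strategy class names are the standard Jenkins ones; the two sample documents are constructed for the demo.

```python
import xml.etree.ElementTree as ET

UNSECURED = "hudson.security.AuthorizationStrategy$Unsecured"
LOGGED_IN = "hudson.security.FullControlOnceLoggedInAuthorizationStrategy"
MATRIX = ("hudson.security.GlobalMatrixAuthorizationStrategy",
          "hudson.security.ProjectMatrixAuthorizationStrategy")

# Constructed samples: an exposed controller (anonymous is administrator, so
# anyone can open Manage Jenkins and install plugins) and a hardened one.
SAMPLE_EXPOSED = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
  </authorizationStrategy>
</hudson>"""

SAMPLE_HARDENED = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
</hudson>"""


def audit_jenkins_config(xml_text: str) -> list:
    """Return findings about anonymous access; an empty list means none found."""
    root = ET.fromstring(xml_text)
    findings = []
    if (root.findtext("useSecurity") or "false").strip().lower() != "true":
        # Security switched off entirely: every visitor is an administrator.
        return ["CRITICAL: useSecurity is false, everyone has full control"]
    strategy = root.find("authorizationStrategy")
    cls = strategy.get("class", UNSECURED) if strategy is not None else UNSECURED
    if cls == UNSECURED:
        findings.append("CRITICAL: Unsecured authorization strategy, anonymous has full control")
    elif cls == LOGGED_IN:
        deny = (strategy.findtext("denyAnonymousReadAccess") or "false").strip().lower()
        if deny != "true":
            findings.append("WARN: anonymous read access (jobs and console output visible)")
    elif cls in MATRIX:
        for p in strategy.findall("permission"):
            # Entries look like "hudson.model.Hudson.Administer:anonymous" or,
            # with newer matrix-auth versions, "USER:hudson.model.Hudson.Read:anonymous".
            parts = (p.text or "").strip().split(":")
            if len(parts) >= 2 and parts[-1] == "anonymous":
                sev = "CRITICAL" if parts[-2].endswith(".Administer") else "WARN"
                findings.append(f"{sev}: anonymous granted {parts[-2]}")
    else:
        findings.append(f"INFO: strategy {cls} not recognised, review manually")
    return findings
```

Run it against $JENKINS_HOME/config.xml on each controller; any CRITICAL line means the "Manage Plugins" path in this post is open to the whole internet if the instance is reachable.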
Thanks for reading everyone.
Security @ TikTok | PEP - No Sponsorship Required | Leadership | Architect | Speaker | Python | DFIR | Threat Hunting | SIEM | Security Automation (SOAR) | R&D
7 years ago: I hope that next quarter **DevSecOps** will play a key role on cloud.....!!! ;)
ENGINEER CTO, Messenger and Head SERVANT OF ISLAM, Chief Architect NEXT-World MEMBER SUPREME COUNCIL FOR LORD OF THE WORLDS AND HEAVENS
7 years ago: Very funny. DevOps, also known as Mainframe Technical Shared Services (for the folks who are new to cloud).