POC details: 7bca31d4a5db3c2c27bba21d743a90530487f17a

Source
Related vulnerability
Title: Jenkins security vulnerability (CVE-2024-23897)
Description: Jenkins is an open-source application from the Jenkins project. Jenkins, an open-source automation server, provides hundreds of plugins to support building, deploying and automating any project. Jenkins 2.441 and earlier and LTS 2.426.2 and earlier contain a security vulnerability that allows an unauthenticated attacker to read files on the Jenkins controller file system.
Introduction
# **Exploitation of Vulnerability CVE-2024-23897 in Jenkins**

## **Vulnerability Description: CVE-2024-23897**

**CVE-2024-23897** is a critical vulnerability discovered in Jenkins, a popular continuous integration tool. This vulnerability allows remote command execution (RCE) on the Jenkins server due to a lack of proper restrictions on node access and connection functions.

### **Vulnerability Details:**

- **`CVE-ID`**: CVE-2024-23897
- **`Type`**: Remote Code Execution `(RCE)`
- **`Impact`**: An unauthenticated attacker can send specially crafted requests that allow arbitrary commands to be executed on the Jenkins server, leading to system compromise.
- **`Affected`**: `Jenkins` versions prior to the fix of this `CVE`.

### **Attack Vector:**

- An attacker can exploit this vulnerability using the `jenkins-cli.jar` file, which allows communication between `Jenkins` and its nodes.
- Through a malicious node, the attacker can upload and execute arbitrary commands on the `Jenkins` server.

### **Mitigation:**

- It is recommended to update `Jenkins` to the latest available version that has fixed this vulnerability.
- Also, access to the Jenkins administration interface can be limited to authorized users only.
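As an added defender-side example (not code from this repository), the following Python helper classifies a Jenkins version string against the affected ranges stated in the description above (weekly releases up to 2.441, LTS releases up to 2.426.2), and reads that string from the `X-Jenkins` response header that Jenkins sends. The header dictionary it is fed is a constructed sample, not a live response.

```python
import re
from typing import Optional, Tuple

# First fixed releases, derived from the affected ranges stated on this page:
# weekly up to and including 2.441 -> fixed in 2.442
# LTS up to and including 2.426.2 -> fixed in 2.426.3
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)


def parse_jenkins_version(value: str) -> Optional[Tuple[int, ...]]:
    """Parse '2.441' (weekly) or '2.426.2' (LTS) into a tuple of ints.

    Returns None when the string does not look like a Jenkins version,
    so callers can distinguish 'unknown' from 'not affected'.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", value.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def is_affected(version: str) -> Optional[bool]:
    """True if the version falls in the CVE-2024-23897 affected range.

    Jenkins LTS versions carry three components (2.426.2); weekly releases
    carry two (2.441). Each line is compared against its own first fix.
    """
    v = parse_jenkins_version(version)
    if v is None:
        return None
    if len(v) == 3:
        return v < FIXED_LTS
    return v < FIXED_WEEKLY


def check_response_headers(headers: dict) -> Optional[bool]:
    """Look up the X-Jenkins header (case-insensitively) and classify it.

    'headers' is assumed to be the header map of an HTTP response from a
    Jenkins controller you administer; the caller supplies it.
    """
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return is_affected(value)
    return None  # header absent: cannot decide from headers alone


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real server.
    sample = {"Server": "Jetty(10.0.18)", "X-Jenkins": "2.441"}
    print("affected:", check_response_headers(sample))
```

A `None` result means the version could not be determined and should be checked another way (for example, from the Jenkins "About" page) rather than treated as safe.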

---

## **Use of CVE-2024-23897 Exploit Script**

This `Python` script exploits the `CVE-2024-23897` vulnerability in outdated `Jenkins` servers. The script interacts with the Jenkins server and executes arbitrary commands using the `jenkins-cli.jar` file.

### **Requirements:**

- `Python 3.x`
- The `requests` library installed in the execution environment (`subprocess` is part of the Python standard library).
- Network connection to the `Jenkins vulnerable` server.

### **Script Functionality:**

1. **Download the file `jenkins-cli.jar`** from the Jenkins server.
2. **Connect to the Jenkins node** using the downloaded file and execute malicious commands on the remote server.
3. **Perform specific actions** such as reading arbitrary files on the server.

---

### **Steps to Run the Script:**

- **`Installing dependencies`**: Make sure you have `Python 3` and the `requests` library installed. You can install it using `pip`:

```bash
pip3 install requests
```

- **`Script Usage`**: Download the exploitation script file and run it from the terminal:

```bash
python3 cve-2024-23897.py
```

The script will ask you to enter the following parameters:

- **`Jenkins Server IP Address`**: The IP where Jenkins is running.
- **`Jenkins Server Port`**: The port that Jenkins is listening on (default is `8080`).
- **`Path to read file`**: The path of the file you want to access on the vulnerable server (for example, `/etc/passwd`).

The script will download the `jenkins-cli.jar` file from the Jenkins server and then execute the commands defined in the file you have indicated as a parameter.

---

## **Vulnerable Laboratory to Prove Exploitation**

To test the vulnerability in a controlled environment, we have included a `Docker`-based vulnerable lab. You will only need to unzip the `ZIP` file on your `Kali Linux` machine, run the `.sh` file, and deploy the `Docker` environment to perform the test.

### **Instructions for Deploying the Laboratory:**

**Download the LAB `.tar`**: First, unzip the file containing the vulnerable lab:

[Download LAB](https://drive.google.com/file/d/1KMnJxgk5BLfj_SJRWOPEUUC_r4VdtsOC/view?usp=sharing)
 
**Run the deployment script**: Place the two files in the same folder: `auto_mount.sh` and the lab `.tar`. The script deploys the vulnerable `Docker` environment automatically, taking the lab `TAR` file as its parameter. Run it with:

```bash
bash auto_mount.sh cve-2024-23897.tar
```

The script will take the compressed Docker `.tar` file as a parameter to launch the vulnerable container and test the exploitation of the vulnerability.

**Connect to the Jenkins server**: Once the `Docker` environment is running, you will be able to connect to the Jenkins server from your `Kali Linux` machine. The `Jenkins` interface will be available at the `IP` address and port configured in the container.

**Run Exploit Script**: Now that the vulnerable Jenkins server is running, you can run the exploit script on the `Kali` machine and try remote code execution on Jenkins.

---

## **Project Structure**

- **cve-2024-23897.py**: `Python` script to exploit the `CVE-2024-23897` vulnerability.
- **deploy.sh**: Script to automatically deploy the vulnerable `Docker` environment.
- **cve-2024-23897.tar**: Compressed `Docker` file to raise vulnerable `Jenkins` server.

---

## **Important Notes:**

- **Ethical Use**: This lab and script should be used exclusively in controlled environments and for educational or security testing purposes.
- **Liability**: The use of these tools on unauthorized systems is illegal and may have legal consequences. Always perform security tests with the appropriate permission.

---

**Developed by**: d1se0

**Contact**: ciberseguridad12345@gmail.com
File snapshot

```
[4.0K] /data/pocs/7bca31d4a5db3c2c27bba21d743a90530487f17a
├── [6.6K] auto_mount.sh
├── [2.6K] cve-2024-23897.py
├── [4.0K] Download LAB Docker
│   └── [ 368] Download-LAB-Docker.md
└── [4.9K] README.md

1 directory, 4 files
```