来源

关联漏洞

介绍

# **Exploitation of Vulnerability CVE-2024-23897 in Jenkins**

## **Vulnerability Description: CVE-2024-23897**

**CVE-2024-23897** is a critical vulnerability discovered in Jenkins, a popular continuous integration tool. This vulnerability allows remote command execution (RCE) on the Jenkins server due to a lack of proper restrictions on node access and connection functions.

### **Vulnerability Details:**

- **`CVE-ID`**: CVE-2024-23897
- **`Type`**: Remote Code Execution `(RCE)`
- **`Impact`**: An unauthenticated attacker can send specially crafted requests that allow arbitrary commands to be executed on the Jenkins server, leading to system compromise.
- **`Affected`**: `Jenkins` versions prior to the fix of this `CVE`.

### **Attack Vector:**

- An attacker can exploit this vulnerability using the `jenkins-cli.jar` file, which allows communication between `Jenkins` and its nodes.
- Through a malicious node, the attacker can upload and execute arbitrary commands on the `Jenkins` server.

### **Mitigation:**

- It is recommended to update `Jenkins` to the latest available version that has fixed this vulnerability.
- Also, access to the Jenkins administration interface can be limited to authorized users only.

---

## **Use of CVE-2024-23897 Exploit Script**

This `Python` script exploits the `CVE-2024-23897` vulnerability in outdated `Jenkins` servers. The script interacts with the Jenkins server and executes arbitrary commands using the `jenkins-cli.jar` file.

### **Requirements:**

- `Python 3.x`
- `requests` and `subprocess` libraries installed in the execution environment.
- Network connection to the `Jenkins vulnerable` server.

### **Script Functionality:**

1. **`Download the file `jenkins-cli.jar`** from the Jenkins server.
2. **`Connect Jenkins node`** using the downloaded file and execute malicious commands on the remote server.
3. **`Perform specific actions`** such as reading arbitrary files on the server.

---

### **Steps to Run the Script:**

- **`Installing dependencies`**: Make sure you have `Python 3` and the `requests` library installed. You can install it using `pip`:

```bash
pip3 install requests
```

**`Script Usage`**: Download the exploitation script file and run it from the terminal:

```bash
python3 cve-2024-23897.py
```

The script will ask you to enter the following parameters:

- **`Jenkins Server IP Address`**: The IP where Jenkins is running.
- **`Jenkins Server Port`**: The port that Jenkins is listening on (default is `8080`).
- **`Path to read file`**: The path of the file you want to access on the vulnerable server (for example, `/etc/passwd`).

The script will download the `jenkins-cli.jar` file from the Jenkins server and then execute the commands defined in the file you have indicated as a parameter.

---

## **Vulnerable Laboratory to Prove Exploitation**

To test the vulnerability in a controlled environment, we have included a `Docker`-based vulnerable lab. You will only need to unzip the `ZIP` file on your `Kali Linux` machine, run the `.sh` file, and deploy the `Docker` environment to perform the test.

### **Instructions for Deploying the Laboratory:**

**Download the LAB `.tar`**: First, unzip the file containing the vulnerable lab:

[Download LAB](https://drive.google.com/file/d/1KMnJxgk5BLfj_SJRWOPEUUC_r4VdtsOC/view?usp=sharing)
 
**Run the deployment script**: Inside a folder, you will have to have the 2 files, one of them `auto_mount.sh`. This script is designed to deploy the vulnerable `Docker` environment automatically and the laboratory in `TAR` that you will have to pass as a parameter. Run it with:

```bash
bash auto_mount.sh cve-2024-23897.tar
```

The script will take the compressed Docker `.tar` file as a parameter to launch the vulnerable container and test the exploitation of the vulnerability.

**Connect to the Jenkins server**: Once the `Docker` environment is running, you will be able to connect to the Jenkins server from your `Kali Linux` machine. The `Jenkins` interface will be available at the `IP` address and port configured in the container.

**Run Exploit Script**: Now that the vulnerable Jenkins server is running, you can run the exploit script on the `Kali` machine and try remote code execution on Jenkins.

---

## **Project Structure**

- **cve-2024-23897.py**: `Python` script to exploit the `CVE-2024-23897` vulnerability.
- **deploy.sh**: Script to automatically deploy the vulnerable `Docker` environment.
- **cve-2024-23897.tar**: Compressed `Docker` file to raise vulnerable `Jenkins` server.

---

## **Important Notes:**

- **Ethical Use**: This lab and script should be used exclusively in controlled environments and for educational or security testing purposes.
- **Liability**: The use of these tools on unauthorized systems is illegal and may have legal consequences. Always perform security tests with the appropriate permission.

---

**Developed by**: d1se0

**Contact**: ciberseguridad12345@gmail.com

文件快照

 [4.0K]  /data/pocs/7bca31d4a5db3c2c27bba21d743a90530487f17a
├── [6.6K]  auto_mount.sh
├── [2.6K]  cve-2024-23897.py
├── [4.0K]  Download LAB Docker
│   └── [ 368]  Download-LAB-Docker.md
└── [4.9K]  README.md

1 directory, 4 files

备注