Jenkins Exploit

Here come another Metasploitable3 exploit !!

This is blog, we will be exploiting jenkins running on Metasploitable3.

What is Jenkins ?

Jenkins is an open source automation server written in Java. Jenkins helps to automate the non-human part of the software development process, with continuous integration and facilitating technical aspects of continuous delivery.

Step 1: you guessed it !!

Nmap search

namp -sV -p- IP

From the ports identified from nmap result, try telnet to see whats runnning and whats not.

Hmm intresting, umm not really

As expected Jenkin runs on port 8484

If you look at the right bottom, you can see that the version number is disclosed, which means ? yes search we can search Metasploit for potential vulnerabilities.

Before that, a quick google search gave me this result : exploit CVE number: CVE-2015-8103

Now, search for the damn exploit in metasploit

We have the exploit, what do we do next ? yes set the values

show options
set RHOST x.x.x.x

yahoooooooooo!!! we have a shell

lets try a create a file called hack4 inside metasploitable3

Written on September 28, 2017