CVE-2014-2064 PoC — CloudBees Jenkins 安全漏洞

Source

Associated Vulnerability

Title:CloudBees Jenkins 安全漏洞 (CVE-2014-2064)
Description:The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts.

Description

Reproducible exploits for: CVE-2016-1240 CVE-2008-2938 CVE-2014-2064 CVE-2014-1904

Readme

# [Offensive technologies course](https://securitylab.disi.unitn.it/doku.php?id=course_on_offensive_technologies)

This repository contains descriptions of several vulnerabilities and the code that exploits them.

Exploitable environments can be found in `/dockerfiles/victim` folder. Attacker environments can be found in `/dockerfiles/attacker` folder. Everything comes as Docker images.

Exploited CVEs:
* CVE-2008-2938 (Tomcat path traversal)
* CVE-2014-1904 (Spring path traversal)
* CVE-2014-2064 (Jenkins information disclosure)
* CVE-2016-1240 (Tomcat privilege escalation)

For each vulnerability a shell is uploaded on the victim server, infecting each webpage in order to include an [exploit kit](https://www.f-secure.com/en/web/labs_global/exploit-kits)

File Snapshot


 [4.0K]  /data/pocs/626cfcf182ac1e087fb302c57a5e03e05ed0ea08
├── [4.0K]  descriptions
│   ├── [4.0K]  CVE-2008-2370 Tomcat Path Traversal
│   │   ├── [ 977]  CVE20082370.java
│   │   └── [ 724]  README.md
│   ├── [4.0K]  CVE-2008-2938 Tomcat Full Path Traversal
│   │   └── [ 916]  README.md
│   ├── [4.0K]  CVE-2011-0013 Tomcat administrator XSS
│   │   └── [1.9K]  README.md
│   ├── [4.0K]  CVE-2014-1904 Spring XSS
│   │   └── [4.2K]  README.md
│   ├── [4.0K]  CVE-2014-2064 Jenkins Information Disclosure
│   │   └── [1.3K]  README.md
│   └── [4.0K]  CVE-2016-1240 Tomcat Privilege Escalation
│       ├── [1.7K]  README.md
│       └── [6.9K]  tomcat-rootprivesc-deb.sh
├── [4.0K]  dockerfiles
│   ├── [4.0K]  Attacker
│   │   ├── [4.0K]  Metasploit
│   │   │   ├── [  92]  build.sh
│   │   │   └── [4.0K]  msf
│   │   │       └── [4.0K]  pathTraversal
│   │   │           ├── [  16]  after.rc
│   │   │           ├── [ 744]  arguments.py
│   │   │           ├── [ 773]  compromise.py
│   │   │           ├── [ 226]  database.py
│   │   │           ├── [ 121]  deploy.rc
│   │   │           ├── [ 325]  deploy.sh
│   │   │           ├── [  25]  escalate.rc
│   │   │           ├── [1.4K]  exploit.py
│   │   │           ├── [ 426]  injectExampleFile.sh
│   │   │           ├── [ 708]  injectPrivileged.rb
│   │   │           ├── [ 826]  inject.rb
│   │   │           ├── [ 569]  injectWithPriv.sh
│   │   │           ├── [ 195]  output.py
│   │   │           ├── [  32]  runInject.rb
│   │   │           ├── [ 807]  traversal.py
│   │   │           ├── [1000]  uploadShell.rb
│   │   │           └── [  20]  uploadShell.rc
│   │   ├── [4.0K]  Node
│   │   │   ├── [ 142]  build.sh
│   │   │   ├── [ 552]  Dockerfile
│   │   │   └── [4.0K]  shared
│   │   │       ├── [7.1K]  brute.js
│   │   │       ├── [ 990]  buildInjectFile.js
│   │   │       ├── [ 276]  config.json
│   │   │       ├── [ 424]  infect.sh
│   │   │       ├── [ 335]  package.json
│   │   │       └── [ 705]  secure.js
│   │   └── [ 589]  README.md
│   └── [4.0K]  Victim
│       ├── [4.0K]  Java1.5.05
│       │   └── [1.2K]  Dockerfile
│       ├── [4.0K]  Jenkins1.503
│       │   ├── [ 208]  build.sh
│       │   ├── [2.6K]  Dockerfile
│       │   ├── [ 327]  init.groovy
│       │   ├── [5.8K]  install-plugins.sh
│       │   ├── [1.2K]  jenkins.sh
│       │   ├── [4.9K]  jenkins-support
│       │   └── [3.8K]  plugins.sh
│       ├── [4.0K]  Jenkins1.531
│       │   ├── [ 185]  build.sh
│       │   ├── [2.8K]  Dockerfile
│       │   ├── [ 327]  init.groovy
│       │   ├── [5.8K]  install-plugins.sh
│       │   ├── [1.2K]  jenkins.sh
│       │   ├── [4.9K]  jenkins-support
│       │   └── [3.8K]  plugins.sh
│       ├── [ 613]  README.md
│       ├── [4.0K]  Spring4.0.1
│       │   ├── [ 196]  build.sh
│       │   ├── [ 310]  config.xml
│       │   ├── [1.0K]  Dockerfile
│       │   ├── [3.9M]  springapp401-1.0-SNAPSHOT.war
│       │   ├── [ 374]  tomcat-users.xml
│       │   └── [6.4K]  web.xml
│       ├── [4.0K]  Spring4.1.1
│       │   ├── [ 175]  build.sh
│       │   ├── [ 310]  config.xml
│       │   ├── [1018]  Dockerfile
│       │   ├── [4.0K]  shared
│       │   │   └── [ 218]  watchdog.sh
│       │   ├── [4.2M]  springapp411-1.0-SNAPSHOT.war
│       │   ├── [ 374]  tomcat-users.xml
│       │   ├── [ 218]  watchdog.sh
│       │   └── [6.4K]  web.xml
│       ├── [4.0K]  Tomcat6.0.1
│       │   ├── [ 190]  build.sh
│       │   ├── [ 348]  context.xml
│       │   ├── [1.1K]  Dockerfile
│       │   ├── [ 100]  init.sh
│       │   ├── [5.0K]  server.xml
│       │   └── [ 374]  tomcat-users.xml
│       ├── [4.0K]  Tomcat6.0.16
│       │   ├── [ 174]  build.sh
│       │   ├── [ 348]  context.xml
│       │   ├── [1.2K]  Dockerfile
│       │   ├── [ 100]  init.sh
│       │   ├── [5.0K]  server.xml
│       │   └── [ 374]  tomcat-users.xml
│       ├── [4.0K]  Tomcat6.0.39
│       │   ├── [ 204]  build.sh
│       │   ├── [ 643]  Dockerfile
│       │   └── [4.0K]  shared
│       │       └── [ 416]  own.c
│       └── [4.0K]  Tomcat7.0.68
│           ├── [ 204]  build.sh
│           ├── [ 712]  Dockerfile
│           ├── [4.0K]  shared
│           │   ├── [ 416]  own.c
│           │   └── [ 262]  test.sh
│           └── [ 374]  tomcat-users.xml
├── [ 765]  README.md
└── [4.0K]  Slides
    ├── [1.6M]  Exploits Presentation Part 1.pptx
    ├── [1.4M]  Exploits Presentation Part 2.pptx
    ├── [1.4M]  Final presentation.pptx
    └── [197K]  Vulnerabilities Presentation.pptx

28 directories, 90 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!