
The Duality of Attackers – Or Why Bad Guys are a Good Thing™
It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed ...

What is your GCP infra worth?…about ~$700 [Bugbounty]
BugBounty story #bugbountytips
A fixed but they didn't pay the bugbounty story...
Timeline:
reported 21 Oct 2019
validated at Critical 23 Oct 2019
validated as fixed 30 Oct 2019
Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 ...

Devoops: Nomad with raw_exec enabled
"Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload ...

Minecraft Mod, Mother’s Day, and A Hacker Dad
Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - ...
Jenkins – CVE-2018-1000600 PoC
second exploit from the blog post
https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html
Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915
This affects the GitHub plugin that is installed by default. However, I learned that when you spin up a new ...

Jenkins – decrypting credentials.xml
If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way:
hashed_pw='$PASSWORDHASH'
passwd = hudson.util.Secret.decrypt(hashed_pw)
println(passwd)
You need to perform this on the ...
Jenkins Master Post
A collection of posts on attacking Jenkins
http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html
Manipulating build steps to get RCE
https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2
Using the terminal plugin to get RCE
https://sharadchhetri.com/2018/12/02/managing-jenkins-plugins/
Getting going with the jenkins-cli
https://github.com/Coalfire-Research/java-deserialization-exploits/tree/master/Jenkins
https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream
CVE-2015-8103 & CVE-2016-0792
https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html
http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
unauth user enumeration jenkins 1>
CVE-2019-1003000 (https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266)
vulns in: Pipeline: Declarative ...

Jenkins – messing with exploits pt2 – CVE-2019-1003000
After the release of Orange Tsai's exploit for Jenkins, I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the ...

Jenkins – messing with new exploits pt1
Jenkins notes for:
https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html
http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html
to download old jenkins WAR files
http://updates.jenkins-ci.org/download/war/
1st bug in the blog is a username enumeration bug in
Jenkins weekly up to and including 2.145
Jenkins LTS up to and including 2.138.1
From the blog:
Pre-auth ...
Abusing Docker API | Socket
Notes on abusing open Docker sockets
This won't cover breaking out of docker containers
Ports: usually 2375 & 2376 but can be anything
Refs:
https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0
https://www.slideshare.net/BorgHan/hacking-docker-the-easy-way
https://blog.secureideas.com/2018/05/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-1.html
https://blog.secureideas.com/2018/08/escaping-the-whale-things-you-probably-shouldnt-do-with-docker-part-2.html
https://infoslack.com/devops/exploring-docker-remote-api
https://www.blackhat.com/docs/us-17/thursday/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence_wp.pdf
https://raesene.github.io/blog/2016/03/06/The-Dangers-Of-Docker.sock/
https://cert.litnet.lt/2016/11/owning-system-through-an-exposed-docker-engine/
https://medium.com/@riccardo.ancarani94/attacking-docker-exposed-api-3e01ffc3c124
https://www.exploit-db.com/exploits/42356
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/docker_daemon_tcp.rb
http://blog.nibblesec.org/2014/09/abusing-dockers-remote-apis.html
https://www.prodefence.org/knock-knock-docker-will-you-let-me-in-open-api-abuse-in-docker-containers/
https://blog.ropnop.com/plundering-docker-images/
Enable docker socket (Create practice locations)
https://success.docker.com/article/how-do-i-enable-the-remote-api-for-dockerd
Having the docker API | socket exposed ...