Managing Nexus API Using Jenkins X

In my last post, Jenkins X — Managing Jenkins, I talked about how we manage our Jenkins server. This time around, I’ll be looking at the Nexus server and how it too ...

Nexus Intelligence Insights CVE-2020-2100: Jenkins – UDP Amplification Reflection Attack Leading to Distributed Denial of Service (DDoS)

In the wake of the serious Jenkins vulnerability impacting at least 12,000 Jenkins servers, we dedicate February’s Nexus Intelligence Insights to helping you solve it. This vulnerability is clever; it opens up ...

How to Publish Java Artifacts to Nexus Using Jenkins and Maven

In this article we are going to explore how you can publish your Java artifacts (.ear, .jar, .war) to Nexus 3 using Jenkins and Maven.For this I have created a docker compose ...

Identifying Security Vulnerabilities Inside a Jenkins Pipeline

What’s the best approach to secure vulnerabilities inside a Jenkins pipeline? Surprisingly, scale isn’t a consideration. Good security practices work whether you are talking about a personal project or an enterprise solution ...

Jenkins – CVE-2018-1000600 PoC

| | DEVOPS, jenkins, pentesting
second exploit from the blog posthttps://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlChained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRFhttps://jenkins.io/security/advisory/2018-06-25/#SECURITY-915This affects the GitHub plugin that is installed by default. However, I learned that when you spin up a new ...
Jenkins - decrypting credentials.xml

Jenkins – decrypting credentials.xml

| | jenkins, pentesting
If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way:hashed_pw='$PASSWORDHASH'passwd = hudson.util.Secret.decrypt(hashed_pw)println(passwd)You need to perform this on the ...

Jenkins Master Post

| | DEVOPS, jenkins, pentesting
A collection of posts on attacking Jenkinshttp://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.htmlManipulating build steps to get RCEhttps://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2Using the terminal plugin to get RCEhttps://sharadchhetri.com/2018/12/02/managing-jenkins-plugins/Getting going with the jenkins-clihttps://github.com/Coalfire-Research/java-deserialization-exploits/tree/master/Jenkinshttps://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstreamCVE-2015-8103 & CVE-2016-0792https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlhttp://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.htmlunauth user enumeration jenkins 1>CVE-2019-1003000 (https://jenkins.io/security/advisory/2019-01-08/#SECURITY-1266)vulns in: Pipeline: Declarative ...
Jenkins - messing with exploits pt2 - CVE-2019-1003000

Jenkins – messing with exploits pt2 – CVE-2019-1003000

| | jenkins, pentesting
After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants.While not totally related to the blog post and tweet the ...
Jenkins - messing with new exploits pt1

Jenkins – messing with new exploits pt1

| | DEVOPS, jenkins, pentesting
Jenkins notes for:https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlhttp://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.htmlto download old jenkins WAR fileshttp://updates.jenkins-ci.org/download/war/1st bug in the blog is a username enumeration bug inJenkins weekly up to and including 2.145Jenkins LTS up to and including 2.138.1From the blog:Pre-auth ...
How to Integrate Netsparker Into Your Existing SDLC

How to Integrate Netsparker Into Your Existing SDLC

What is the Software Development Lifecycle? The software industry has refined the Software Development Life Cycle process over many years. It is the process that software developers use to design, develop and ...