Proof of Concept

10.129.230.220

Nmap

PORT     STATE SERVICE
22/tcp   open  ssh
8080/tcp open  http-proxy

Initial Access

The web service on port 8080 runs Jenkins 2.441.

┌──(kali㉿kali)-[~/Builder]
└─$ whatweb http://10.129.230.220:8080
http://10.129.230.220:8080 [200 OK] Cookies[JSESSIONID.c7f7f1b4], Country[RESERVED][ZZ], HTML5, HTTPServer[Jetty(10.0.18)], HttpOnly[JSESSIONID.c7f7f1b4], IP[10.129.230.220], Jenkins[2.441], Jetty[10.0.18], OpenSearch[/opensearch.xml], Script[application/json,text/javascript], Title[Dashboard [Jenkins]], UncommonHeaders[x-content-type-options,x-hudson-theme,referrer-policy,cross-origin-opener-policy,x-hudson,x-jenkins,x-jenkins-session,x-instance-identity], X-Frame-Options[sameorigin]

A Local File Inclusion vulnerability (CVE-2024-23897) was found in Jenkins 2.441.

Download the PoC

┌──(kali㉿kali)-[~/Builder]
└─$ git clone https://github.com/AbraXa5/Jenkins-CVE-2024-23897.git
Cloning into 'Jenkins-CVE-2024-23897'...
remote: Enumerating objects: 35, done.
remote: Counting objects: 100% (35/35), done.
remote: Compressing objects: 100% (26/26), done.
remote: Total 35 (delta 7), reused 31 (delta 6), pack-reused 0 (from 0)
Receiving objects: 100% (35/35), 2.60 MiB | 6.15 MiB/s, done.
Resolving deltas: 100% (7/7), done.