Jenkins RCE Creating/Modifying Project
This method is very noisy because you have to create a whole new project (obviously this will only work if your user is allowed to create a new project).
Create a new project (Freestyle project) by clicking "New Item" or going to /view/all/newJob
Inside the Build section, set Execute shell and paste a PowerShell Empire launcher or a meterpreter PowerShell payload (can be obtained using unicorn). Start the payload with PowerShell.exe instead of using powershell.
Click Build now
If the Build now button doesn't appear, you can still go to configure --> Build Triggers --> Build periodically and set a cron of * * * * *
Instead of using cron, you can use the config "Trigger builds remotely", where you just need to set the API token name to trigger the job. Then go to your user profile and generate an API token (give this API token the same name as the token name you set to trigger the job). Finally, trigger the job with: curl <username>:<api_token>@<jenkins_url>/job/<job_name>/build?token=<api_token_name>
Go to the projects and check if you can configure any of them (look for the "Configure button"):
If you cannot see any configuration button, then you probably cannot configure it (but check all projects, as you might be able to configure some of them and not others).
Or try to access the path /job/<proj-name>/configure or /me/my-views/view/all/job/<proj-name>/configure in each project (example: /job/Project0/configure or /me/my-views/view/all/job/Project0/configure).
If you are allowed to configure the project you can make it execute commands when a build is successful:
Click on Save and build the project, and your command will be executed. If you are not executing a reverse shell but a simple command, you can see the output of the command inside the output of the build.
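Both paths above leave the same traces in the job's config.xml (stored under $JENKINS_HOME/jobs/<job_name>/config.xml): a command build step, an every-minute "Build periodically" spec, or a "Trigger builds remotely" token. The following is an added example, not part of the original page, that audits a freestyle job's config.xml for those three settings; both sample configs are constructed, and the rule names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

COMMAND_STEPS = {"hudson.tasks.Shell", "hudson.tasks.BatchFile"}

# Constructed config.xml samples for illustration (not taken from a real server).
SUSPICIOUS = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <authToken>constructed-token-name</authToken>
  <triggers>
    <hudson.triggers.TimerTrigger><spec>* * * * *</spec></hudson.triggers.TimerTrigger>
  </triggers>
  <builders>
    <hudson.tasks.Shell><command>PowerShell.exe -enc CONSTRUCTED_PLACEHOLDER</command></hudson.tasks.Shell>
  </builders>
</project>"""
BASELINE = """<project>
  <triggers>
    <hudson.triggers.TimerTrigger><spec>H 2 * * *</spec></hudson.triggers.TimerTrigger>
  </triggers>
  <builders>
    <hudson.tasks.Shell><command>make test</command></hudson.tasks.Shell>
  </builders>
</project>"""

def audit_job_config(xml_text):
    """Return (rule, detail) findings for one freestyle job config.xml."""
    # Jenkins writes an XML 1.1 declaration; expat only parses XML 1.0, so drop it.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    findings = []
    for el in root.iter():
        if el.tag == "authToken" and (el.text or "").strip():
            # "Trigger builds remotely" is enabled; never echo the token itself.
            findings.append(("remote-trigger-token", "set"))
        elif el.tag == "hudson.triggers.TimerTrigger":
            for line in (el.findtext("spec") or "").splitlines():
                if " ".join(line.split()) == "* * * * *":
                    findings.append(("timer-every-minute", "* * * * *"))
        elif el.tag in COMMAND_STEPS:
            # Inventory every command step so it can be compared to a baseline.
            findings.append(("command-step", el.tag))
            if re.search(r"powershell", el.findtext("command") or "", re.I):
                findings.append(("powershell-launcher", el.tag))
    return findings

if __name__ == "__main__":
    for name, xml_text in (("suspicious", SUSPICIOUS), ("baseline", BASELINE)):
        print(name, audit_job_config(xml_text))
```

A command step on its own is normal for a build job, so treat the "command-step" inventory as input for a diff against a known-good copy of the job configuration rather than as an alert.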