# Exploiting Jenkins with `pwn_jenkins` Jenkins is a widely used automation server that can sometimes be misconfigured or left exposed, leading to potential security vulnerabilities. The [`pwn_jenkins`](https://github.com/gquere/pwn_jenkins) project provides a powerful Python script to exploit such scenarios by leveraging the Jenkins script console. ## About `pwn_jenkins` The `pwn_jenkins` tool is designed to exploit Jenkins Script Console on a Jenkins instance where you're already authenticated and the script console is accessible. It provides the ability to: - Upload a JSP webshell - Interact with the shell to run commands - Retrieve the output of commands from the compromised Jenkins server **GitHub Repository:** [https://github.com/gquere/pwn_jenkins](https://github.com/gquere/pwn_jenkins) ## How it Works The script uses Jenkins’ `/script` endpoint to upload a JSP webshell by leveraging Groovy code execution. Once the webshell is deployed, the script can be used to send system commands and retrieve outputs through the web interface. ### Webshell Mechanism 1. The webshell uses a parameter (`cmd`) to execute system commands. 2. Jenkins stores the output of these commands in a specific file. 3. A second request retrieves the output of the command from that file. This two-step mechanism ensures reliable command execution and response retrieval. ## Usage ### Requirements - Python 3.x - `requests` module (`pip install requests`) - Valid Jenkins credentials or session (e.g., cookie or basic auth) ### Running the Exploit ```bash python3 pwn_jenkins.py --url http:// --user --password ``` You will then get a shell-like interface to run commands on the compromised Jenkins server. ### Options - `--url`: Target Jenkins URL - `--user`: Jenkins username (optional if using cookie) - `--password`: Jenkins password (optional if using cookie) - `--cookie`: Use a session cookie for authentication ## Features - Deploys a JSP webshell on the Jenkins server - Provides an interactive shell interface - Simple and easy-to-use CLI - Supports both Basic Auth and Cookie-based authentication ## Limitations - You must already have access to the Jenkins script console - It does not provide exploitation methods to bypass authentication ## Disclaimer This tool is for educational purposes only. Usage of `pwn_jenkins` for attacking targets without prior mutual consent is illegal and unethical. ## Author Developed by [Guillaume Quere](https://github.com/gquere) GitHub Repo: [https://github.com/gquere/pwn_jenkins](https://github.com/gquere/pwn_jenkins)

Support Crack-Vault and help us keep providing free tools. Every donation counts! (BTC) Address: bc1qhhva8uplmkaa3kkwxnux9t3y6l6kmhnwqzktzn

PWN_JENKINS

NikolasHume

Exploiting Jenkins with `pwn_jenkins`

Jenkins is a widely used automation server that can sometimes be misconfigured or left exposed, leading to potential security vulnerabilities. The pwn_jenkins project provides a powerful Python script to exploit such scenarios by leveraging the Jenkins script console.

About `pwn_jenkins`

The pwn_jenkins tool is designed to exploit Jenkins Script Console on a Jenkins instance where you're already authenticated and the script console is accessible. It provides the ability to:

Upload a JSP webshell
Interact with the shell to run commands
Retrieve the output of commands from the compromised Jenkins server

GitHub Repository: https://github.com/gquere/pwn_jenkins

How it Works

The script uses Jenkins’ /script endpoint to upload a JSP webshell by leveraging Groovy code execution. Once the webshell is deployed, the script can be used to send system commands and retrieve outputs through the web interface.

Webshell Mechanism

The webshell uses a parameter (cmd) to execute system commands.
Jenkins stores the output of these commands in a specific file.
A second request retrieves the output of the command from that file.

This two-step mechanism ensures reliable command execution and response retrieval.

Usage

Requirements

Python 3.x
requests module (pip install requests)
Valid Jenkins credentials or session (e.g., cookie or basic auth)

Running the Exploit

python3 pwn_jenkins.py --url http://<jenkins-url> --user <username> --password <password>

You will then get a shell-like interface to run commands on the compromised Jenkins server.

Options

--url: Target Jenkins URL
--user: Jenkins username (optional if using cookie)
--password: Jenkins password (optional if using cookie)
--cookie: Use a session cookie for authentication

Features

Deploys a JSP webshell on the Jenkins server
Provides an interactive shell interface
Simple and easy-to-use CLI
Supports both Basic Auth and Cookie-based authentication

Limitations

You must already have access to the Jenkins script console
It does not provide exploitation methods to bypass authentication

Disclaimer

This tool is for educational purposes only. Usage of pwn_jenkins for attacking targets without prior mutual consent is illegal and unethical.

Author

Developed by Guillaume Quere

GitHub Repo: https://github.com/gquere/pwn_jenkins

📱

Download Now—Top Software, No Cost!