cve-2019-1003000-jenkins-rce-poc icon indicating copy to clipboard operation
cve-2019-1003000-jenkins-rce-poc copied to clipboard

Published 20 hours ago verified publisher icon adamyordan

exploit doesnt work

Open gitdhar opened this issue 5 years ago • 0 comments

I get this failure below. @adamyordan , can you please let me know what I'm doing wrong?

python exploit.py --url http://aws-jenkins:8080 --job my-pipeline --username user1 --password user1 --cmd "cat /etc/passwd" [+] connecting to jenkins... [+] get_jobs ... [{u'url': u'http://localhost:8080/job/my-pipeline/', u'color': u'blue', u'fullname': u'my-pipeline', u'_class': u'org.jenkinsci.plugins.workflow.job.WorkflowJob', u'name': u'my-pipeline'}] [+] crafting payload... [+] modifying job with payload... [+] putting job build to queue... [+] waiting for job to build... [+] restoring job... [+] fetching output... [+] OUTPUT: Started by user User 1 Running in Durability level: MAX_SURVIVABILITY org.codehaus.groovy.control.MultipleCompilationErrorsException: startup failed: WorkflowScript: 7: unexpected token: @ line 7, column 1. 1 error

    at org.codehaus.groovy.control.ErrorCollector.failIfErrors(ErrorCollector.java:310)
    at org.codehaus.groovy.control.ErrorCollector.addFatalError(ErrorCollector.java:150)
    at org.codehaus.groovy.control.ErrorCollector.addError(ErrorCollector.java:120)
    at org.codehaus.groovy.control.ErrorCollector.addError(ErrorCollector.java:132)
    at org.codehaus.groovy.control.SourceUnit.addError(SourceUnit.java:350)
    at org.codehaus.groovy.antlr.AntlrParserPlugin.transformCSTIntoAST(AntlrParserPlugin.java:144)
    at org.codehaus.groovy.antlr.AntlrParserPlugin.parseCST(AntlrParserPlugin.java:110)
    at org.codehaus.groovy.control.SourceUnit.parse(SourceUnit.java:234)
    at org.codehaus.groovy.control.CompilationUnit$1.call(CompilationUnit.java:168)
    at org.codehaus.groovy.control.CompilationUnit.applyToSourceUnits(CompilationUnit.java:943)
    at org.codehaus.groovy.control.CompilationUnit.doPhaseOperation(CompilationUnit.java:605)
    at org.codehaus.groovy.control.CompilationUnit.processPhaseOperations(CompilationUnit.java:581)
    at org.codehaus.groovy.control.CompilationUnit.compile(CompilationUnit.java:558)
    at groovy.lang.GroovyClassLoader.doParseClass(GroovyClassLoader.java:298)
    at groovy.lang.GroovyClassLoader.parseClass(GroovyClassLoader.java:268)
    at groovy.lang.GroovyShell.parseClass(GroovyShell.java:688)
    at groovy.lang.GroovyShell.parse(GroovyShell.java:700)
    at org.jenkinsci.plugins.workflow.cps.CpsGroovyShell.doParse(CpsGroovyShell.java:131)
    at org.jenkinsci.plugins.workflow.cps.CpsGroovyShell.reparse(CpsGroovyShell.java:125)
    at org.jenkinsci.plugins.workflow.cps.CpsFlowExecution.parseScript(CpsFlowExecution.java:560)
    at org.jenkinsci.plugins.workflow.cps.CpsFlowExecution.start(CpsFlowExecution.java:521)
    at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:320)
    at hudson.model.ResourceController.execute(ResourceController.java:97)
    at hudson.model.Executor.run(Executor.java:429)

Finished: FAILURE

gitdhar avatar Aug 30 '19 21:08 gitdhar