## https://sploitus.com/exploit?id=A2AEFA87-18BA-52C0-977A-8E961F9AFFA7
# **Exploitation of Vulnerability CVE-2024-23897 in Jenkins**
## **Vulnerability Description: CVE-2024-23897**
**CVE-2024-23897** is a critical vulnerability in Jenkins, a widely used continuous integration server. It allows remote code execution (RCE) on the Jenkins server because the node access and connection functions are not properly restricted.
### **Vulnerability Details:**
- **`CVE-ID`**: CVE-2024-23897
- **`Type`**: Remote Code Execution (RCE)
- **`Impact`**: An unauthenticated attacker can send specially crafted requests that allow arbitrary commands to be executed on the Jenkins server, leading to system compromise.
- **`Affected`**: `Jenkins` versions released before the fix for this `CVE`.
### **Attack Vector:**
- An attacker can exploit this vulnerability using the `jenkins-cli.jar` file, which allows communication between `Jenkins` and its nodes.
- Through a malicious node, the attacker can upload and execute arbitrary commands on the `Jenkins` server.
### **Mitigation:**
- It is recommended to update `Jenkins` to the latest available version that has fixed this vulnerability.
- Also, access to the Jenkins administration interface can be limited to authorized users only.
---
## **Use of CVE-2024-23897 Exploit Script**
This `Python` script exploits the `CVE-2024-23897` vulnerability in outdated `Jenkins` servers. The script interacts with the Jenkins server and executes arbitrary commands using the `jenkins-cli.jar` file.
### **Requirements:**
- `Python 3.x`
- The `requests` and `subprocess` libraries available in the execution environment.
- Network access to the vulnerable `Jenkins` server.
### **Script Functionality:**
1. **`Download jenkins-cli.jar`** from the Jenkins server.
2. **`Connect as a Jenkins node`** using the downloaded file and execute malicious commands on the remote server.
3. **`Perform specific actions`** such as reading arbitrary files on the server.
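The sequence above (a client fetches `jenkins-cli.jar` and then drives the CLI over HTTP) is also what a defender can look for in the web server or reverse-proxy logs in front of Jenkins. The following is an added detection example, not part of this project; it assumes the default Jenkins URL layout (the jar served from `/jnlpJars/jenkins-cli.jar`, CLI traffic as POSTs to `/cli`) and runs over constructed sample log lines in combined log format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (combined log format); not real traffic.
# Assumed Jenkins paths: /jnlpJars/jenkins-cli.jar for the jar, POST /cli for the CLI.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Feb/2024:10:01:02 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [20/Feb/2024:10:02:10 +0000] "GET /jnlpJars/jenkins-cli.jar HTTP/1.1" 200 3400000 "-" "python-requests/2.31"
10.0.0.9 - - [20/Feb/2024:10:02:15 +0000] "POST /cli?remoting=false HTTP/1.1" 200 812 "-" "Java/17.0.9"
10.0.0.9 - - [20/Feb/2024:10:02:15 +0000] "POST /cli?remoting=false HTTP/1.1" 200 812 "-" "Java/17.0.9"
10.0.0.7 - - [20/Feb/2024:11:30:00 +0000] "GET /jnlpJars/jenkins-cli.jar HTTP/1.1" 200 3400000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return the fields we need from one combined-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"], "path": m["path"], "status": int(m["status"])}


def find_cli_abuse(log_text, window_seconds=600):
    """Flag clients that download jenkins-cli.jar and then POST to /cli within the window.
    Returns {client_ip: number_of_cli_posts_after_the_download}."""
    jar_seen = {}            # ip -> time of the first successful jar download
    hits = defaultdict(int)
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        if rec["status"] != 200:
            continue
        if rec["path"].endswith("/jenkins-cli.jar"):
            jar_seen.setdefault(rec["ip"], rec["ts"])
        elif rec["method"] == "POST" and rec["path"].split("?")[0] == "/cli":
            start = jar_seen.get(rec["ip"])
            if start is not None and (rec["ts"] - start).total_seconds() <= window_seconds:
                hits[rec["ip"]] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, n in find_cli_abuse(SAMPLE_LOG).items():
        print(f"{ip}: {n} CLI call(s) shortly after downloading jenkins-cli.jar")
```

A single jar download (as from 10.0.0.7 in the sample) is not flagged on its own; only the download followed by CLI traffic from the same client is reported.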
---
### **Steps to Run the Script:**
- **`Installing dependencies`**: Make sure you have `Python 3` and the `requests` library installed. You can install it using `pip`:
```bash
pip3 install requests
```
- **`Script Usage`**: Download the exploitation script file and run it from the terminal:
```bash
python3 cve-2024-23897.py
```
The script will ask you to enter the following parameters:
- **`Jenkins Server IP Address`**: The IP where Jenkins is running.
- **`Jenkins Server Port`**: The port that Jenkins is listening on (default is `8080`).
- **`Path to read file`**: The path of the file you want to access on the vulnerable server (for example, `/etc/passwd`).
The script will download the `jenkins-cli.jar` file from the Jenkins server and then run the command against the file path you supplied as a parameter.
---
## **Vulnerable Laboratory to Prove Exploitation**
To test the vulnerability in a controlled environment, we have included a `Docker`-based vulnerable lab. You will only need to unzip the `ZIP` file on your `Kali Linux` machine, run the `.sh` file, and deploy the `Docker` environment to perform the test.
### **Instructions for Deploying the Laboratory:**
**Download the LAB `.tar`**: First, unzip the file containing the vulnerable lab:
[Download LAB](https://drive.google.com/file/d/1KMnJxgk5BLfj_SJRWOPEUUC_r4VdtsOC/view?usp=sharing)
**Run the deployment script**: Place the two files in the same folder, one of which is `auto_mount.sh`. This script automatically deploys the vulnerable `Docker` environment from the lab `TAR` file, which you pass to it as a parameter. Run it with:
```bash
bash auto_mount.sh cve-2024-23897.tar
```
The script will take the compressed Docker `.tar` file as a parameter to launch the vulnerable container and test the exploitation of the vulnerability.
**Connect to the Jenkins server**: Once the `Docker` environment is running, you will be able to connect to the Jenkins server from your `Kali Linux` machine. The `Jenkins` interface will be available at the `IP` address and port configured in the container.
**Run Exploit Script**: Now that the vulnerable Jenkins server is running, you can run the exploit script on the `Kali` machine and try remote code execution on Jenkins.
---
## **Project Structure**
- **cve-2024-23897.py**: `Python` script to exploit the `CVE-2024-23897` vulnerability.
- **deploy.sh**: Script to automatically deploy the vulnerable `Docker` environment.
- **cve-2024-23897.tar**: Compressed `Docker` image used to bring up the vulnerable `Jenkins` server.
---
## **Important Notes:**
- **Ethical Use**: This lab and script should be used exclusively in controlled environments and for educational or security testing purposes.
- **Liability**: The use of these tools on unauthorized systems is illegal and may have legal consequences. Always perform security tests with the appropriate permission.
---
**Developed by**: d1se0
**Contact**: ciberseguridad12345@gmail.com