Installing a vulnerable service on Windows

Jenkins is a central component of the CI/CD pipeline in a DevOps environment and works mainly as an automation server. Its primary task is to provide continuous integration and to facilitate continuous delivery in the software development process. Jenkins integrates with version control systems and code-hosting services such as GitHub. In a typical scenario, Jenkins fetches code pushed to GitHub, builds it, and then deploys it to a production environment. To learn more about Jenkins, see https://www.cloudbees.com/jenkins/about.

Jenkins lets a job author supply custom build commands and arguments in the job's build configuration. Build steps of this kind are handed straight to the shell of the operating system (OS) on the machine running the build and execute with the privileges of the Jenkins service account. Anyone who can create or edit a job can therefore run arbitrary commands on the host. In such a scenario, we can inject malicious commands into the build steps to compromise the server running Jenkins and use it as a foothold into the target network.

We will start by launching a Windows Server 2008 EC2 instance (you may choose any instance type; the free tier should be enough). For this tutorial, the default storage is sufficient. Let the EC2 instance spin up.

We will be configuring this instance to be deliberately vulnerable, so its security group has to be locked down before Jenkins goes on it. In the inbound/outbound rules, expose only port 3389 (RDP) to the external network, and only from your own IP address, so that you can administer the box. To let the Kali machine reach the Jenkins server, allow inbound connections from the Kali machine (its IP address or, as shown below, its security group) and from nowhere else.

Your firewall rules for the Jenkins machine should look something like this:

Firewall rules for the Jenkins machine

Here, all traffic is allowed only from the security group of the Kali machine. This is purely a safety measure: the Jenkins instance is about to be configured with a trivially guessable administrator password, and nobody other than our Kali machine should be able to reach it.

Once the instance is up, it is time to set up a vulnerable Jenkins service on our target machine. RDP into the machine you just created and follow these steps:

  1. Download the Jenkins installation package from http://mirrors.jenkins.io/windows/latest.
  2. Double-click the Jenkins installation file and follow the onscreen instructions:

Installing Jenkins

  3. Keep the install location at its default and click Next:

Destination folder

  4. Finally, click on Install:

Once the installation finishes, a browser window opens automatically and prompts you to configure the Jenkins installation.

On its first start, Jenkins generates an initial 32-character alphanumeric administrator password and stores it in a file on disk. You need it exactly once, to unlock the setup wizard.

  5. Open the initialAdminPassword file, located at C:\Program Files (x86)\Jenkins\secrets:

  6. Copy the password from the file, paste it into the Administrator password field, and click Continue:

On the next screen, the setup wizard asks whether you want to Install suggested plugins or select specific plugins.

  7. Click on the Install suggested plugins box; the plugin installation starts immediately:

Once the plugins are installed, you are prompted to create the first admin user.

  8. To make this a vulnerable instance, create the account with the username admin and the password admin as well. Fill in the remaining required fields and click on Save and Continue:

We want the Jenkins service to be reachable on the instance's Local Area Connection interface, so the Jenkins URL must use that interface's private IPv4 address rather than localhost.

  9. Find the IP address of your Windows Server 2008 EC2 instance by running the ipconfig command in Command Prompt:

  10. Note the IPv4 address and use it as the host in the URL on the Jenkins configuration page:

  11. Click on Save and Finish and then on Start using Jenkins. At this point, Jenkins is installed on the target system, and after logging in you are redirected to the Jenkins dashboard.
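For readers who would rather script the target build than click through it, the following PowerShell script is an added example (not code from the book) that performs the unattended equivalent of steps 2 to 6 and 9 on the Windows instance: silent MSI install, waiting for the service and the generated password file, reading the initial admin password, and deriving the IPv4 address that ipconfig would show. It assumes the Jenkins MSI has already been downloaded to the path in $MsiPath, that the Windows service is registered under the name Jenkins, and that the default install folder is kept; none of these are stated on the page. The browser-side wizard steps (plugin selection, the admin/admin account, and the URL) are still done by hand.

```powershell
# Added example, not part of the original tutorial. Run in an elevated
# PowerShell session on the Windows Server 2008 target. Written against
# PowerShell 2.0 features only, since that is what Server 2008 ships with.
$ErrorActionPreference = 'Stop'

# Assumption: the installer was saved here (the page downloads it by hand).
$MsiPath     = "$env:USERPROFILE\Downloads\jenkins.msi"
# The page keeps the installer's default destination folder.
$InstallDir  = "${env:ProgramFiles(x86)}\Jenkins"
# Assumption: the service name registered by the installer.
$ServiceName = 'Jenkins'
# Jenkins' default HTTP port.
$Port        = 8080

if (-not (Test-Path $MsiPath)) { throw "Installer not found at $MsiPath" }

# Silent install with all defaults: /qn = no UI, /norestart, /L*v = verbose
# log so a failed install can be diagnosed.
$log  = "$env:TEMP\jenkins-install.log"
$args = "/i `"$MsiPath`" /qn /norestart /L*v `"$log`""
$proc = Start-Process -FilePath msiexec.exe -ArgumentList $args -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "msiexec failed with exit code $($proc.ExitCode); see $log"
}

# The installer registers Jenkins as a Windows service; make sure it is up.
$svc = Get-Service -Name $ServiceName
if ($svc.Status -ne 'Running') {
    Start-Service -Name $ServiceName
    $svc.WaitForStatus('Running', [TimeSpan]::FromMinutes(1))
}

# Jenkins writes initialAdminPassword on its first start, not during the MSI
# install, so poll for the file instead of failing straight away.
$secretFile = Join-Path $InstallDir 'secrets\initialAdminPassword'
$deadline   = (Get-Date).AddMinutes(3)
while (-not (Test-Path $secretFile)) {
    if ((Get-Date) -gt $deadline) { throw "Timed out waiting for $secretFile" }
    Start-Sleep -Seconds 5
}
$initialPassword = [System.IO.File]::ReadAllText($secretFile).Trim()
# The password is a random UUID with the dashes removed: 32 hex characters.
if ($initialPassword -notmatch '^[0-9a-f]{32}$') {
    Write-Warning "Unexpected password format in $secretFile"
}

# IPv4 address of the enabled network adapter (what ipconfig reports).
# WMI is used because Get-NetIPAddress does not exist on Server 2008.
$ipv4 = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
    ForEach-Object { $_.IPAddress } |
    Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' } |
    Select-Object -First 1

# Confirm the HTTP listener is accepting connections before opening the wizard.
$tcp = New-Object System.Net.Sockets.TcpClient
try     { $tcp.Connect('127.0.0.1', $Port); $listening = $true }
catch   { $listening = $false }
finally { $tcp.Close() }

Write-Host "Jenkins URL to enter in the setup wizard : http://${ipv4}:${Port}/"
Write-Host "Initial admin password (unlock wizard)   : $initialPassword"
Write-Host "Port $Port listening on the local host   : $listening"
```

The script deliberately does not touch the security group; that is an EC2 setting and stays exactly as configured earlier, so the only path to this host is still RDP from your own address and whatever the Kali machine's security group permits.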

To test whether the Jenkins login page is reachable from the Kali machine, tunnel a browser session through Kali:

  1. Open an SSH session to the Kali machine using PuTTY.
  2. In the PuTTY tunnel settings, add a local port forward from port 8080 on your workstation to port 8080 on the Jenkins machine's private IP address, so that the connection to Jenkins originates from Kali:

  3. Open a browser on your workstation and point it to http://localhost:8080.

You'll be presented with the Jenkins login page. Since the forwarded connection is made by the Kali machine, this confirms that the Jenkins instance is reachable from Kali through the security group rules configured earlier.
