Jenkins is an open source automation server written in Java. It automates the non-human part of software development. In this recipe, we will look at exploitation of CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), and CVE-2019-1003002 (Pipeline: Declarative), which came out in January, 2019.
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Kali - An Introduction
- Configuring Kali Linux
- Configuring the Xfce environment
- Configuring the MATE environment
- Configuring the LXDE environment
- Configuring the E17 environment
- Configuring the KDE environment
- Prepping with custom tools
- Zone Walking using DNSRecon
- Setting up I2P for anonymity
- Pentesting VPN's ike-scan
- Setting up proxychains
- Going on a hunt with Routerhunter
- Gathering Intel and Planning Attack Strategies
- Getting a list of subdomains
- Using Shodan for fun and profit
- Shodan Honeyscore
- Shodan plugins
- Censys
- Using Nmap to find open ports
- Bypassing firewalls with Nmap
- Searching for open directories using GoBuster
- Hunting for SSL flaws
- Automating brute force with BruteSpray
- Digging deep with TheHarvester
- Finding technology behind webapps using WhatWeb
- Scanning IPs with masscan
- Finding origin servers with CloudBunny
- Sniffing around with Kismet
- Testing routers with Firewalk
- Vulnerability Assessment - Poking for Holes
- Using the infamous Burp
- Exploiting WSDLs with Wsdler
- Using Intruder
- Using golismero
- Exploring Searchsploit
- Exploiting routers with routersploit
- Using Metasploit
- Automating Metasploit
- Writing a custom resource script
- Setting up a database in Metasploit
- Generating payloads with MSFPC
- Emulating threats with Cobalt Strike
- Web App Exploitation - Beyond OWASP Top 10
- Exploiting XSS with XSS Validator
- Injection attacks with sqlmap
- Owning all .svn and .git repositories
- Winning race conditions
- Exploiting XXEs
- Exploiting Jboss with JexBoss
- Exploiting PHP Object Injection
- Automating vulnerability detection using RapidScan
- Backdoors using meterpreter
- Backdoors using webshells
- Network Exploitation
- Introduction
- MITM with hamster and ferret
- Exploring the msfconsole
- Railgun in Metasploit
- Using the paranoid meterpreter
- The tale of a bleeding heart
- Exploiting Redis
- Saying no to SQL – owning MongoDBs
- Hacking embedded devices
- Exploiting Elasticsearch
- Good old Wireshark
- This is Sparta
- Exploiting Jenkins
- Shellver – reverse shell cheatsheet
- Generating payloads with MSFvenom Payload Creator (MSFPC)
- Wireless Attacks - Getting Past Aircrack-ng
- Password Attacks - The Fault in Their Stars
- Have Shell, Now What?
- Spawning a TTY shell
- Looking for weaknesses
- Horizontal escalation
- Vertical escalation
- Node hopping – pivoting
- Privilege escalation on Windows
- Pulling a plaintext password with Mimikatz
- Dumping other saved passwords from the machine
- Pivoting
- Backdooring for persistance
- Age of Empire
- Automating Active Directory (AD) exploitation with DeathStar
- Exfiltrating data through Dropbox
- Data exfiltration using CloakifyFactory
- Buffer Overflows
- Elementary, My Dear Watson - Digital Forensics
- Playing with Software-Defined Radios
- Kali in Your Pocket - NetHunters and Raspberries
- Writing Reports
- Other Books You May Enjoy
Exploiting Jenkins
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.