Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates jenkins_gather module to work with newer version of Jenkins #18065

Merged
merged 1 commit into from Jun 23, 2023
Merged

Updates jenkins_gather module to work with newer version of Jenkins #18065

merged 1 commit into from Jun 23, 2023

Conversation

cgranleese-r7
Copy link
Contributor

@cgranleese-r7 cgranleese-r7 commented Jun 5, 2023
edited

This PR updates the jenkins_gather module to work with newer versions of Jenkins.

Changes the logic from group loot to now check for each specific file individually, allowing for more flexibility across Jenkins version where files these loot file are created at different times of setup.

This PR also adds support for initialAdminPassword to now be stored as loot. Newer version off Jenkins have this value when you skip the account setup and continue as admin. Thought it may be useful for a user to have.

image

Tested against Jenkins versions:

  • 2.411 馃煝
  • 2.410 馃煝
  • 2.409 馃煝
  • 2.401.1 馃煝
  • 2.346.3 馃煝
  • 2.103 馃煝
  • 1.565 馃煝

Before

image

After

image

initialAdminPassword

image

initialAdminPassword loot

image

Verification

  • Run a target docker container: docker run -p 8080:8080 jenkins/jenkins:latest
  • Start msfconsole
  • Get a session I used exploit/multi/http/jenkins_script_console
  • Set the session and run
  • I tested this by run the gather before creating any credentials on the Jenkins client, then tested again after adding some creds.

@cgranleese-r7 cgranleese-r7 added the rn-fix release notes fix label Jun 5, 2023
@cgranleese-r7 cgranleese-r7 force-pushed the fixes-jenkins-gather-error-when-creds-arent-created branch 2 times, most recently from d52d4d9 to d425d5d Compare June 5, 2023 14:21
@adfoster-r7 adfoster-r7 self-assigned this Jun 6, 2023
@cgranleese-r7 cgranleese-r7 force-pushed the fixes-jenkins-gather-error-when-creds-arent-created branch from d425d5d to a2f0234 Compare June 8, 2023 13:40
@cgranleese-r7 cgranleese-r7 force-pushed the fixes-jenkins-gather-error-when-creds-arent-created branch from a2f0234 to e68425c Compare June 8, 2023 14:08
@sempervictus
Copy link
Contributor

This is why we can't have nCIe things... 馃槈

@cgranleese-r7 cgranleese-r7 force-pushed the fixes-jenkins-gather-error-when-creds-arent-created branch from e68425c to d9f325e Compare June 12, 2023 14:13
@cgranleese-r7
Copy link
Contributor Author

@msjenkins-r7 retest this please

@adfoster-r7 adfoster-r7 assigned dwelch-r7 and unassigned adfoster-r7 Jun 19, 2023
@cgranleese-r7 cgranleese-r7 force-pushed the fixes-jenkins-gather-error-when-creds-arent-created branch 3 times, most recently from 894aee3 to 9ae8acd Compare June 22, 2023 16:12
@cgranleese-r7 cgranleese-r7 force-pushed the fixes-jenkins-gather-error-when-creds-arent-created branch from 9ae8acd to 9176d0d Compare June 23, 2023 09:02
@dwelch-r7 dwelch-r7 merged commit d68eb84 into rapid7:master Jun 23, 2023
30 checks passed
@dwelch-r7
Copy link
Contributor

Release Notes

Updates jenkins_gather module to work with newer version of Jenkins

@cgranleese-r7 cgranleese-r7 deleted the fixes-jenkins-gather-error-when-creds-arent-created branch June 23, 2023 11:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dwelch-r7 dwelch-r7 dwelch-r7 left review comments

@adfoster-r7 adfoster-r7 adfoster-r7 left review comments

Assignees

@dwelch-r7 dwelch-r7

Labels
rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@cgranleese-r7 @sempervictus @dwelch-r7 @adfoster-r7