pwn_jenkins
Notes about attacking Jenkins servers (by gquere)
CVE-2021-41773
Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773 (by thehackersbrain)
| | pwn_jenkins | CVE-2021-41773 |
|---|---|---|
| Mentions | 2 | 1 |
| Stars | 1,890 | 83 |
| Growth | - | - |
| Activity | 5.7 | 2.6 |
| | 19 days ago | about 2 years ago |
| Language | Python | Python |
| | - | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pwn_jenkins
Posts with mentions or reviews of pwn_jenkins.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-05-05.
- CorePlague: Severe Vulnerabilities in Jenkins Server Lead to Remote Code Execution
I did add it to the list though.
- JAF is an internally developed, red team-oriented tool from Accenture for interacting with Jenkins build servers.
I'm maintaining a list of scripts and exploits for Jenkins here: https://github.com/gquere/pwn_jenkins
CVE-2021-41773
Posts with mentions or reviews of CVE-2021-41773.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-04-07.
- Oh My WebServer TryHackMe Machine Writeup and Walkthrough
After studying what the flaw was, I have written a custom exploit for this specific CVE which will give us RCE on the server; you can find that exploit here.
What are some alternatives?
When comparing pwn_jenkins and CVE-2021-41773 you can also consider the following projects:
jenkins-job-wrecker - convert Jenkins job XML to JJB YAML
pwntools - CTF framework and exploit development library
RomBuster - RomBuster is a router exploitation tool that allows disclosing the network router admin password.
AutoSploit - Automated Mass Exploiter
jklint - A Jenkinsfile linter CLI saving time linting Jenkinsfiles by only typing 1 argument in the command line.
jenkins-update-center - Jenkins mirror update center generator
DogWalk-rce-poc - Dogwalk PoC (using diagcab file to obtain RCE on Windows)
altwalker-jenkins-example - An example of a simple Jenkins Pipeline for AltWalker.
jenkins-attack-framework