CVE-2021-41773
Apache2 2.4.49 - LFI & RCE Exploit - CVE-2021-41773 (by thehackersbrain)
pwn_jenkins
Notes about attacking Jenkins servers (by gquere)
| CVE-2021-41773 | pwn_jenkins | |
|---|---|---|
| 1 | 2 | |
| 83 | 1,890 | |
| - | - | |
| 2.6 | 5.7 | |
| about 2 years ago | 23 days ago | |
| Python | Python | |
| - | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CVE-2021-41773
Posts with mentions or reviews of CVE-2021-41773.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-04-07.
-
Oh My WebServer TryHackMe Machine Writeup and Walkthrough
After studing, what was the flaw a written a custom exploit for this specific CVE which will give us RCE on the server, you can find that exploit here.
pwn_jenkins
Posts with mentions or reviews of pwn_jenkins.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-05-05.
-
CorePlague: Severe Vulnerabilities in Jenkins Server Lead to Remote Code Execution
I did add it to the list though.
-
JAF is an internally developed, red team-oriented tool from Accenture for interacting with Jenkins build servers.
I'm maintaining a list of scripts and exploits for Jenkins here: https://github.com/gquere/pwn_jenkins
What are some alternatives?
When comparing CVE-2021-41773 and pwn_jenkins you can also consider the following projects:
pwntools - CTF framework and exploit development library
jenkins-job-wrecker - convert Jenkins job XML to JJB YAML
AutoSploit - Automated Mass Exploiter
RomBuster - RomBuster is a router exploitation tool that allows to disclosure network router admin password.
jklint - A Jenkinsfile linter CLI saving time linting Jenkinsfiles by only typing 1 argument in the command line.
jenkins-update-center - Jenkins mirror update center generator
DogWalk-rce-poc - š¾Dogwalk PoC (using diagcab file to obtain RCE on windows)
altwalker-jenkins-example - An example of a simple Jenkins Pipeline for AltWalker.
jenkins-attack-framework