Mallory
Critical | CISA KEV | Exploited in the wild | Public exploit

Jenkins CLI Arbitrary File Read

Identifiers: CVE-2024-23897, CWE-73

CVE-2024-23897 is a critical arbitrary file read vulnerability in Jenkins caused by the CLI command parser retaining args4j's "expandAtFiles" behavior. In affected Jenkins versions, an argument that begins with an '@' character followed by a file path is expanded so that the referenced file's contents are substituted into the argument. Because Jenkins did not disable this feature in its CLI handling, an unauthenticated attacker can abuse the Jenkins CLI endpoint to disclose arbitrary files from the Jenkins controller filesystem. Reported affected versions include Jenkins 2.441 and earlier and Jenkins LTS 2.426.2 and earlier. The issue is primarily an arbitrary file read, but disclosure of sensitive material such as credentials, private keys, or other cryptographic artifacts can enable follow-on compromise and, in some environments, progression to remote code execution.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows attackers to read arbitrary files on the Jenkins controller. Depending on permissions and target file characteristics, this can expose sensitive data including credentials, API tokens, SSH keys, private keys, certificates, configuration secrets, and other controller-resident material. Public reporting and vendor/advisory context indicate that exposure of binary files containing cryptographic keys or other high-value secrets can facilitate privilege escalation and may enable subsequent remote code execution or broader compromise of the Jenkins instance and connected environment. The vulnerability is known to be actively exploited and has been added to CISA KEV.

Mitigation

If you can’t patch tonight, do this now.

The primary mitigation is patching to a fixed Jenkins release that disables the vulnerable CLI parser behavior. If immediate patching is not possible, reduce exposure by restricting or disabling external access to the Jenkins CLI and limiting internet exposure of Jenkins controllers, especially the CLI HTTP endpoint. Place Jenkins behind network access controls, VPN, or allowlists; disable anonymous access where possible; and monitor for suspicious POST requests to "/cli?remoting=false". Because file disclosure may already have exposed secrets, rotate controller credentials, tokens, and keys as a precaution if compromise is suspected. Beyond upgrading and reducing exposure, the advisory context available here offers no complete temporary workaround.

Remediation

Patch, then assume compromise.

Upgrade Jenkins to a fixed release. The provided advisory context advises upgrading Jenkins LTS to 2.426.3 or later, upgrading affected weekly releases to a fixed version, and upgrading Jenkins 2.441 to 2.442 or later. In general, organizations should move all affected Jenkins controllers to a vendor-fixed version immediately, rotate any credentials or keys that may have been exposed from the controller filesystem, and review controller and reverse-proxy logs for exploitation of the CLI endpoint, especially requests involving "/cli?remoting=false".
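
The mitigation and remediation guidance above both come down to the same log review: find POST requests to "/cli?remoting=false" from sources that have no business using the CLI. The script below is an added example written for this page, not code from Mallory or from the Jenkins project. It parses reverse-proxy access lines in the common Apache/nginx "combined" format, flags CLI POSTs from sources outside a hypothetical allowlist, and records, as supporting context, downloads of /jnlpJars/jenkins-cli.jar (several of the public PoCs listed below fetch the CLI JAR first). The log lines and the 10.0.0.0/8 allowlist are constructed for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample access-log lines (combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jan/2024:10:02:11 +0000] "GET /jnlpJars/jenkins-cli.jar HTTP/1.1" 200 3400000 "-" "curl/8.4.0"
203.0.113.7 - - [26/Jan/2024:10:02:13 +0000] "POST /cli?remoting=false HTTP/1.1" 200 214 "-" "Java/17.0.9"
203.0.113.7 - - [26/Jan/2024:10:02:13 +0000] "POST /cli?remoting=false HTTP/1.1" 200 1180 "-" "Java/17.0.9"
10.0.0.5 - alice [26/Jan/2024:10:05:42 +0000] "GET /job/build/lastBuild/console HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - ci-bot [26/Jan/2024:10:06:01 +0000] "POST /cli?remoting=false HTTP/1.1" 200 300 "-" "Java/11.0.20"
198.51.100.23 - - [26/Jan/2024:10:07:55 +0000] "POST /cli?remoting=false HTTP/1.1" 403 150 "-" "python-requests/2.31.0"
"""

# Apache/nginx "combined" log format.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Hypothetical allowlist: networks from which CLI use is expected (e.g. CI runners).
ALLOWED_CLI_SOURCES = [ip_network("10.0.0.0/8")]


def is_allowed(ip):
    """True when the source address falls inside an allowlisted network."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_CLI_SOURCES)


def is_cli_endpoint(path):
    """Match /cli?remoting=false regardless of extra query parameters or a trailing slash."""
    base, _, query = path.partition("?")
    params = query.split("&") if query else []
    return base.rstrip("/") == "/cli" and "remoting=false" in params


def analyze(log_text):
    """Return {source_ip: summary} for non-allowlisted sources that POSTed to the CLI endpoint.

    jar_downloads is attached as context only; a JAR fetch on its own does not create a finding.
    """
    per_ip = defaultdict(lambda: {"cli_posts": 0, "jar_downloads": 0,
                                  "statuses": set(), "user_agents": set()})
    for line in log_text.splitlines():
        m = COMBINED_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path = m["ip"], m["method"], m["path"]
        if method == "POST" and is_cli_endpoint(path):
            entry = per_ip[ip]
            entry["cli_posts"] += 1
            entry["statuses"].add(int(m["status"]))
            entry["user_agents"].add(m["ua"])
        elif method == "GET" and path.startswith("/jnlpJars/jenkins-cli.jar"):
            per_ip[ip]["jar_downloads"] += 1
    return {ip: f for ip, f in per_ip.items() if f["cli_posts"] and not is_allowed(ip)}


def report(findings):
    """Render findings as one line per source; a 2xx status means the server accepted the request."""
    lines = []
    for ip, f in sorted(findings.items()):
        accepted = any(200 <= s < 300 for s in f["statuses"])
        lines.append(f"{ip}: {f['cli_posts']} CLI POST(s), {f['jar_downloads']} JAR download(s), "
                     f"statuses={sorted(f['statuses'])}, accepted={accepted}, "
                     f"user_agents={sorted(f['user_agents'])}")
    return lines


if __name__ == "__main__":
    for line in report(analyze(SAMPLE_LOG)):
        print(line)
```

On the constructed input this flags 203.0.113.7 (two accepted CLI POSTs preceded by a JAR download) and 198.51.100.23 (a single rejected POST, still worth noting as probing), while the allowlisted 10.0.0.9 is ignored. Access logs do not carry request headers, so where a WAF or full-request capture is available, upload/download request pairs sharing the same Session header, as described in the PoC summaries below, are a stronger indicator than the path alone.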

PUBLIC EXPLOITS

Exploits

23 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (10 hidden).

Valid: 23 / 33 total

abyss-c2 (Maturity: PoC, Verified exploit)

This repository is a multi-module Python offensive framework centered on exploiting HiSilicon DVR/NVR/IP camera devices via CVE-2020-25078, then managing compromised hosts through a Flask/SocketIO web panel. It is not a simple single-file PoC: it includes a control server (server.py), persistence and post-exploitation tooling, credential attacks, recon modules, web vulnerability scanners, network service checks, pivoting, reverse shell support, and a SQLite-backed datastore. Core exploit logic is in exploit.py and scanner.py. exploit.py probes numerous traversal/disclosure paths such as /../../.../mnt/mtd/Config/Account1 and related config/system files, parses returned content with multiple regex patterns to recover credentials, fingerprints device families, and falls back to known default credentials when disclosure succeeds but parsing does not. scanner.py operationalizes this by scanning IPs/CIDRs and common ports, checking liveness, fingerprinting likely cameras, invoking the CVE-2020-25078 checks, and storing recovered credentials in cameras.db. Post-exploitation capability is substantial. telnet_client.py provides raw Telnet login and command execution. botnet.py fans out commands across stored hosts. persistence.py installs SSH authorized_keys, cron, rc.local, init.d, systemd, inittab telnetd, and bind-shell style persistence. reverse_shell.py generates many Linux/IoT reverse shell one-liners and runs listeners. pivot_chain.py and socks_pivot.py support chained execution and local SOCKS5 pivoting through compromised hosts. 
Additional modules broaden scope beyond the HiSilicon exploit: brute.py and cred_spray.py perform credential attacks across Telnet, SSH, FTP, HTTP, SMB, databases, VNC, LDAP, WinRM, and more; network_exploit.py checks for exposed/misconfigured services and some well-known vulnerabilities such as MS17-010 and BlueKeep; web_exploit.py, web_cves.py, web_bugs.py, and web_brute.py scan websites for exposed files, CMS fingerprints, generic bug classes, and multiple CVE signatures. Recon/intel support includes ASN, DNS, GeoIP, JARM, WAF detection, proxy/Tor rotation, screenshot grabbing from camera snapshot endpoints, and Telegram/Discord/AbuseIPDB integrations. The repository structure is coherent and functional, with many CLI-capable modules and a central web UI in templates/index.html. Overall, this is an operational exploit-and-post-exploitation toolkit focused on HiSilicon IoT devices but expanded into a broader C2-style offensive platform.

flags-alt | Disclosed May 20, 2026 | python, html, network, web, local

CVE-2024-23897 (Maturity: PoC, Verified exploit)

Repository is a small standalone Python exploit PoC for CVE-2024-23897 targeting Jenkins. It contains one executable script (CVE-2024-23897.py), a README with usage examples, and a requirements file. The script uses requests, argparse, colorama, urllib.parse, uuid, and concurrent.futures. Its main logic builds a crafted binary payload that is POSTed to the Jenkins CLI endpoint /cli?remoting=false with custom headers such as Session and Side=upload, then performs a paired Side=download request to retrieve the response. The payload embeds a user-controlled file path argument, indicating arbitrary file-read intent. If the optional -c/--command argument is supplied, the script also sends raw command bytes to the same endpoint with Side=command, claiming RCE capability. The tool supports single-target mode and bulk scanning/exploitation from a file with configurable thread count, and can append returned content to an output file. No hardcoded C2, callback host, or external infrastructure is present; all network interaction is directed at attacker-specified Jenkins targets. Overall, this is an operational standalone exploit script rather than a framework module or mere detector.

Ap0dexMe0 | Disclosed Feb 19, 2024 | python, markdown, network, web

poc-CVE-2024-23897 (Maturity: PoC, Verified exploit)

Repository contains a Go proof-of-concept for CVE-2024-23897 (Jenkins CLI '@' argument expansion leading to arbitrary file read). Structure: (1) PoC.go: main entry point that crafts a binary Jenkins CLI request for the 'help' command, embedding a user-supplied file path prefixed by '@' to trigger args4j expandAtFiles() on the server. It then performs the Jenkins CLI remoting exchange by launching two concurrent HTTP POST requests to the target's /cli?remoting=false endpoint: an 'upload' request carrying the binary payload and a 'download' request (same Session header) to retrieve and print the response body (file contents/error). (2) README.md: explains affected Jenkins versions, root cause, impact, detection/mitigation guidance, and example sensitive file paths. The code’s direct capability is unauthenticated/low-auth file disclosure; any RCE is only discussed as a potential follow-on, not implemented here. Note: PoC.go references uuid.New().String() but the uuid import is not shown in the snippet, implying the repository as presented may require adding an import (e.g., github.com/google/uuid) to compile.

vmc8ll | Disclosed Mar 3, 2026 | go, markdown, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

Repository contains a single Python proof-of-concept exploit (PoC.py) for CVE-2024-23897 affecting Jenkins CLI argument parsing (args4j '@file' expansion). The script takes three arguments (ip, puerto, ruta), downloads the target’s Jenkins CLI jar from /jnlpJars/jenkins-cli.jar, then executes it locally via a shell command: `java -jar jenkins-cli.jar -s http://<ip>:<port>/ -http connect-node @<ruta>`. The '@<ruta>' portion is the core exploit primitive intended to trigger server-side file read/injection behavior during CLI command processing, enabling internal file disclosure (README demonstrates /etc/passwd). After execution it deletes the downloaded jar. Repo structure: LICENSE (MIT), README.md (Spanish usage/installation notes and brief vulnerability explanation), and PoC.py (the only code and entry point).

wvverez | Disclosed Jan 18, 2026 | python, network

Exploit-CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a Python exploit script (exploit.py) targeting CVE-2024-23897, a vulnerability in Jenkins that allows arbitrary file read via the Jenkins CLI endpoint. The exploit constructs a custom binary payload and interacts with the Jenkins server over HTTP, specifically targeting the /cli?remoting=false endpoint. The script requires the attacker to specify the target Jenkins URL and the absolute path of the file to read. It attempts to extract sensitive information, such as credentials, from the server by reading arbitrary files. The repository structure is simple, consisting of a README.md and the main exploit script. The exploit is operational and can be used directly against vulnerable Jenkins instances on both Linux and Windows platforms.

aadi0258 | Disclosed Oct 26, 2025 | python, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a Python exploit script (exploit.py) targeting CVE-2024-23897, a critical file read vulnerability in Jenkins versions prior to 2.442 and LTS 2.426.3. The exploit allows an attacker to read arbitrary files from the Jenkins server by sending crafted HTTP requests. The script provides an interactive menu with options to check the Jenkins version, verify if the target is vulnerable, and exploit the vulnerability by specifying a file path to read. The exploit requires the attacker to supply the Jenkins server URL and the desired file path. All actions and outputs are logged to a local file (jenkins_exploit.log). The README.md provides setup instructions for a vulnerable Jenkins environment but does not contain exploit code. The main attack vector is network-based, targeting Jenkins' HTTP API endpoints. The exploit is operational, providing a working file read capability but does not include advanced payload customization or post-exploitation features.

hybinn | Disclosed Oct 6, 2025 | python, network

day03-jenkins-23897 (Maturity: PoC, Verified exploit)

This repository provides a proof-of-concept exploit for CVE-2024-23897, a vulnerability in Jenkins (<= 2.441, LTS <= 2.426.2) that allows unauthenticated users to read the first line of arbitrary files on the server via the Jenkins CLI. The repository includes a Dockerfile to build a vulnerable Jenkins instance with a unique flag file, a README with setup and usage instructions, and an 'exploit.sh' Bash script that automates the exploitation process. The exploit works by using the Jenkins CLI's 'help' command with a specially crafted argument (e.g., '@/etc/passwd'), causing Jenkins to read and leak the first line of the specified file. The main attack vector is network-based, targeting the Jenkins HTTP interface (default: http://127.0.0.1:8080). The endpoints of interest include the Jenkins web interface, the CLI JAR download path, and example file paths used for exploitation. The exploit is a functional proof-of-concept and is intended for educational use in a controlled environment.

amalpvatayam67 | Disclosed Sep 10, 2025 | bash, dockerfile, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository provides a proof-of-concept exploit for CVE-2024-23897, a critical vulnerability in Jenkins (versions 2.441 and earlier, LTS 2.426.2 and earlier). The vulnerability allows unauthenticated attackers to read arbitrary files from the Jenkins controller file system by abusing the Jenkins CLI argument parser, which interprets arguments starting with '@' as file inclusions. The repository contains four files: a C++ source file (main.cpp) implementing the exploit logic, a Bash script (run_exploit.sh) to automate compilation and execution, a README.md with usage instructions and references, and a LICENSE file. The exploit works by sending a specially crafted HTTP POST request to the Jenkins CLI endpoint ('/cli?remoting=false') on the target server, embedding the '@' character followed by a file path in the request payload. The script demonstrates reading '/etc/passwd' as an example. The attack vector is network-based, requiring access to the Jenkins CLI endpoint. The exploit is a proof-of-concept and does not include advanced payloads or post-exploitation features.

r0xDB | Disclosed Jan 28, 2024 | c++, bash, network

Jenkins-CVE-2024-23897-Lab (Maturity: PoC, Verified exploit)

This repository is a proof-of-concept exploit lab for CVE-2024-23897, an arbitrary file read vulnerability in Jenkins 2.441 and earlier. The structure includes a Docker Compose environment to simulate a vulnerable Jenkins server, an attacker container, and supporting files. The main exploit logic is implemented in 'attack-scripts/auto-exploit.sh', which automates the exploitation process using the Jenkins CLI tool. The exploit works by abusing the 'help' and 'connect-node' commands of the Jenkins CLI to read the first line or the full content of arbitrary files on the Jenkins server. The repository provides both manual and automated attack instructions, and includes sample sensitive files for demonstration. The primary network endpoint is the Jenkins server at http://vulnerable-jenkins:8080, and the exploit targets files such as /etc/passwd, /opt/test-files/secret.txt, and Jenkins configuration files. The repository is intended for educational and testing purposes, demonstrating the impact of the vulnerability in a controlled environment.

Fineken | Disclosed Jul 24, 2025 | bash, yaml, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a Python proof-of-concept exploit for CVE-2024-23897, targeting Jenkins servers. The main script, CVE-2024-23897.py, automates the execution of Jenkins CLI commands (such as 'who-am-i', 'enable-job', and 'keep-build') against a specified Jenkins server using the Jenkins CLI JAR file. The script leverages proxychains to route traffic and allows the attacker to specify a file path, which is used as input to the CLI command. This can be exploited to read the first 3 lines of any file accessible to the Jenkins process, potentially exposing sensitive information such as secret keys. The README provides usage instructions and an example, including a sample Jenkins server URI and a sensitive file path. The exploit requires network access to the Jenkins server and the ability to run Java and proxychains on the attacker's system. The repository is structured simply, with one exploit script and a README.

tvasari | Disclosed Apr 4, 2025 | python, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a Python proof-of-concept exploit for CVE-2024-23897, a critical vulnerability in Jenkins (versions 2.441 and earlier, LTS 2.426.2 and earlier) that allows arbitrary file read via the args4j module through the Jenkins CLI endpoint. The exploit script (CVE-2024-23897.py) takes two arguments: the target Jenkins URL and the file path to read from the server. It crafts a specific binary payload and sends it to the /cli?remoting=false endpoint using two concurrent HTTP POST requests with custom headers. The README provides usage instructions and remediation advice. The exploit demonstrates the ability to read arbitrary files from the Jenkins server, which can lead to further exploitation such as remote code execution. The main attack vector is network-based, targeting the Jenkins CLI HTTP endpoint.

slytechroot | Disclosed Mar 23, 2025 | python, network

jenkins-lfi (Maturity: PoC, Verified exploit)

This repository contains a proof-of-concept (POC) exploit for CVE-2024-23897, a vulnerability in Jenkins that allows arbitrary file read via the Jenkins CLI endpoint. The repository consists of two files: a README.md with usage instructions and background information, and poc.py, a Python script implementing the exploit. The script takes a target Jenkins URL and a file path as arguments, then crafts and sends specially formatted requests to the /cli?remoting=false endpoint using a custom binary protocol. By coordinating upload and download requests with a shared session ID, the script is able to retrieve the contents of arbitrary files from the Jenkins server. The exploit is network-based and targets Jenkins servers with the vulnerable CLI endpoint exposed. No payload for code execution is included; the exploit is limited to file read capability. The code is a standalone POC and not part of any exploit framework.

Marouane133 | Disclosed Jan 2, 2025 | python, network

CVE-2024-23897-Vulnerabilidad-Jenkins (Maturity: PoC, Verified exploit)

This repository provides a proof-of-concept exploit for CVE-2024-23897, a critical remote code execution vulnerability in Jenkins. The main exploit script, 'cve-2024-23897.py', is written in Python and automates the exploitation process by downloading the 'jenkins-cli.jar' from a target Jenkins server and using it to connect to a node and read arbitrary files specified by the attacker. The script interacts with the Jenkins server over HTTP, requiring the attacker to supply the server's IP, port, and the file path to read. The repository also includes 'auto_mount.sh', a Bash script that automates the deployment of a vulnerable Jenkins Docker environment for testing purposes. The README provides detailed instructions for both exploitation and lab setup, emphasizing ethical use. The exploit targets Jenkins servers that have not been patched for CVE-2024-23897 and demonstrates the ability to read arbitrary files, which could lead to further compromise. No hardcoded IPs or credentials are present; the attacker supplies all necessary parameters at runtime.

D1se0 | Disclosed Dec 8, 2024 | python, bash, network

CVE-2024-23897-Jenkins-4.441 (Maturity: PoC, Verified exploit)

This repository contains a proof-of-concept exploit for CVE-2024-23897, an arbitrary file leak vulnerability in Jenkins (tested on version 4.441). The main file, CVE-2024-23897.cpp, is a C++ program that automates the exploitation process. It takes a target Jenkins server URL and a file path as arguments. The exploit first downloads the Jenkins CLI JAR file from the target server, then uses the CLI to execute the 'connect-node' command, passing the specified file as input. This results in the contents of the file being leaked if the server is vulnerable. The repository also includes a README.md with compilation and usage instructions. The exploit is network-based, targeting Jenkins servers accessible over HTTP, and demonstrates the vulnerability by leaking files such as /etc/passwd.

mil4ne | Disclosed May 8, 2024 | cpp, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository provides a Python proof-of-concept exploit for CVE-2024-23897, a critical file read vulnerability in Jenkins (up to 2.441 and Jenkins LTS up to 2.426.2). The exploit abuses the Jenkins CLI endpoint (/cli?remoting=false) to read arbitrary files from the server's filesystem without authentication. The main script, CVE-2024-23897.py, allows the user to specify a target Jenkins URL and a file path to read, or to interactively issue file read commands via a shell-like interface. The exploit demonstrates the ability to retrieve sensitive files such as /etc/passwd, Jenkins configuration files, and secret keys, which could be leveraged for further attacks. The repository includes a README with usage instructions, a list of interesting files to target, and a Fofa dork for identifying vulnerable Jenkins instances. The code is standalone, written in Python, and does not rely on any exploitation framework.

verylazytech | Disclosed Sep 30, 2024 | python, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a Python proof-of-concept exploit for CVE-2024-23897, a vulnerability in Jenkins that allows arbitrary file read via the CLI's expandAtFiles feature. The exploit script (CVE-2024-23897.py) takes a target URL (or a list of targets) and a file path to read from the Jenkins server. It crafts and sends POST requests to the '/cli?remoting=false' endpoint, leveraging a specially constructed payload to trigger the vulnerability. The script supports both single and multiple targets and prints the response (file contents) from the server. The README provides background on the vulnerability, usage instructions, and a reference to the official Jenkins advisory. The exploit is a functional proof-of-concept and does not provide weaponized or post-exploitation features.

h4x0r-dz | Disclosed Jan 26, 2024 | python, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a proof-of-concept (PoC) exploit for CVE-2024-23897, a local file inclusion vulnerability affecting Jenkins versions 2.441 and earlier. The main script, 'CVE-2024-23897.py', is a Python program that automates exploitation by first downloading the Jenkins CLI jar from the target server, then using it to execute the 'connect-node' command with a file path specified by the attacker. This allows the attacker to read arbitrary files from the Jenkins server's filesystem. The exploit requires the attacker to provide the Jenkins server's IP address, port, and the file path to read. The README provides usage instructions and context, confirming the exploit's purpose and target. No fake or detection-only scripts are present; the code is a functional exploit PoC.

Maalfer | Disclosed May 16, 2024 | python, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository provides a Python proof-of-concept exploit for CVE-2024-23897, a critical arbitrary file read vulnerability in Jenkins (<=2.441, LTS <=2.426.2). The exploit leverages a flaw in the Jenkins CLI argument parser, which expands arguments prefixed with '@' by reading the referenced file from the server's filesystem. The main script, 'jenkins_fileread.py', allows unauthenticated attackers to interactively or directly specify files to read from a vulnerable Jenkins server via the /cli?remoting=false HTTP endpoint. The script supports options for saving file contents, using proxies, and customizing requests. The README.md provides detailed usage instructions, example file targets (such as /etc/passwd, /proc/self/environ, and Jenkins-specific files), and references to official advisories. The exploit is limited to reading plaintext files and cannot fully read binary files. The repository consists of two files: the exploit script and a comprehensive README. No detection or fake code is present; the exploit is functional and focused on file disclosure via network access to the Jenkins CLI endpoint.

godylockz | Disclosed Feb 16, 2024 | python, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository is a Go-based exploit tool targeting Jenkins servers vulnerable to CVE-2024-23897, an arbitrary file read vulnerability via the Jenkins CLI. The tool is operational and provides both detection and exploitation capabilities. It allows users to scan single or multiple Jenkins instances (via URL or list), check for vulnerability, enumerate available CLI commands, read arbitrary files (such as /etc/passwd), and in some cases execute commands via the Jenkins CLI interface. The main entry point is 'cmd/CVE-2024-23897/CVE-2024-23897.go', which orchestrates the scanning and exploitation logic. The tool interacts with the Jenkins /cli?remoting=false endpoint using a custom binary protocol, and supports features such as proxying, custom headers, concurrency, and update checks. The codebase is modular, with clear separation between input handling, output formatting, runner logic, and the core scanner/exploit logic. The exploit is not part of a larger framework and is self-contained. It is suitable for both proof-of-concept and operational exploitation of vulnerable Jenkins instances.

wjlin0 | Disclosed Jan 27, 2024 | go, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a proof-of-concept exploit for CVE-2024-23897, a critical file read vulnerability in Jenkins (versions 2.441 and earlier, LTS 2.426.2 and earlier). The exploit is implemented in a single Python script (CVE-2024-23897.py) and is accompanied by a detailed README.md. The script targets the Jenkins CLI endpoint (/cli?remoting=false) and leverages a flaw in the args4j library's expandAtFiles feature, allowing attackers to read arbitrary files from the Jenkins controller file system. The exploit works by sending a crafted binary payload to the Jenkins server and retrieving the file contents via a coordinated upload/download session. The README provides usage instructions, example commands, and references to official advisories. The exploit requires network access to a vulnerable Jenkins instance and does not require authentication for partial file reads, but full file reads may require Overall/Read permission. The repository is structured simply, with the main exploit logic contained in the Python script and documentation in the README.

Vozec | Disclosed Jan 28, 2024 | python, markdown, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a proof-of-concept (POC) exploit written in Python. The main file, poc.py, is designed to exploit a vulnerability in a service that exposes an HTTP endpoint at /cli?remoting=false. The exploit works by sending two specially crafted HTTP POST requests in parallel threads, using a shared session UUID. The payload is constructed to request the contents of an arbitrary file from the target server, as specified by the user (e.g., /etc/passwd). The README provides basic usage instructions. The code is self-contained and does not rely on external frameworks. The exploit demonstrates the ability to read arbitrary files from the target, indicating a likely file read or deserialization vulnerability in the target service. No specific product or CVE is mentioned, but the structure suggests it targets a Jenkins CLI or similar service.

binganao | Disclosed Jan 26, 2024 | python, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a Python proof-of-concept (PoC) exploit and scanner for CVE-2024-23897, a critical vulnerability affecting Jenkins versions <= 2.441 and <= LTS 2.426.2. The main file, CVE-2024-23897.py, is a command-line tool that allows users to scan for and exploit the vulnerability by sending specially crafted HTTP POST requests to the Jenkins /cli?remoting=false endpoint. The exploit enables reading up to 3 lines from an arbitrary file on the target Jenkins server. The tool supports targeting single IPs, IP ranges, CIDR blocks, or lists of hosts, and can read targets from a file. It also allows customization of the Jenkins CLI command and language used in the payload. The README provides detailed usage instructions and documents the tool's features and changelog. No hardcoded IPs or domains are present; the tool is designed for flexible targeting as specified by the user.

xaitax | Disclosed Jan 26, 2024 | python, network

CVE-2024-23897 (Maturity: PoC, Verified exploit)

This repository contains a Python exploit script (CVE-2024-23897.py) targeting Jenkins servers vulnerable to CVE-2024-23897, an arbitrary file read vulnerability that can lead to remote code execution (RCE). The script allows an attacker to target one or multiple Jenkins servers by specifying a single URL or a file containing a list of targets. It uses HTTP POST requests to the /cli?remoting=false endpoint with specially crafted headers and payloads to trigger the vulnerability. If a command is specified, it will be executed on the target Jenkins server. The exploit supports concurrent execution using threads and can save successful responses to an output file. The repository also includes a README.md with detailed usage instructions and a requirements.txt listing Python dependencies. The main attack vector is network-based, exploiting the Jenkins HTTP(S) interface. The script is operational and provides real exploitation capabilities, not just detection.

ThatNotEasy | Disclosed Feb 19, 2024 | python, network

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor  | Product | Type
Jenkins | Jenkins | application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence (3)

Every observed campaign linking this CVE to a named adversary.

Associated malware (4)

Malware families riding this exploit, with evidence and IOCs.

Detection signatures (2)

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity (7)

Community discussion across Reddit, Mastodon, and other social sources.