Jenkins XStream XML deserialization RCE

This repository contains a Python exploit script (CVE-2016-0792.py) targeting Jenkins servers vulnerable to CVE-2016-0792, a remote code execution vulnerability. The exploit works by programmatically creating a new Jenkins job with a malicious shell command payload, which runs an exfiltration binary in the background, monitors its process, and attempts to contact an exfiltration server at http://exfiltration:8080. The script then triggers the job and monitors its output via Jenkins' API. The exploit assumes the Jenkins server is accessible at http://web:8080 and that the exfiltration binary is present at /usr/local/bin/exfiltrate. The repository also includes a minimal README. The main attack vector is network-based, exploiting Jenkins' job creation and build features to achieve remote code execution. The script is operational and demonstrates a real-world attack scenario, though it requires a specific environment (vulnerable Jenkins, exfiltration binary, and exfiltration server) to function fully.

This repository contains a Python-based exploit for Jenkins CVE-2016-0792, a remote code execution vulnerability in Jenkins versions prior to 1.650. The main exploit logic resides in 'exploit.py', which checks if the target Jenkins server is online, verifies its version via the 'X-Jenkins' HTTP header, and if vulnerable, sends a crafted XML payload to the '/createItem' endpoint to trigger command execution. The payload is generated by 'prepare_payload.py', which constructs an XML object that leverages Groovy's Expando and Java's ProcessBuilder to execute arbitrary commands. The exploit requires Python 3.6+ and the 'requests' library. The README provides usage instructions and references to further documentation. No hardcoded IPs or credentials are present; the exploit is generic and requires the attacker to specify the target URL and command to execute. The attack vector is network-based, targeting Jenkins servers accessible over HTTP.