Shodan + Jenkins to get RCEs on Servers
Uranium238s

Good read and thanks for sharing my report! (https://hackerone.com/reports/167859) But you don’t even need to install the terminal plugin to have RCE.

If you’re comfortable with Groovy (http://groovy-lang.org/), you can use the built-in Groovy script console (Manage Jenkins > Script Console); "whoami".execute().text is a slightly less intrusive PoC.
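As an added defensive example (not part of this comment or of the original story), the following Python checker flags script-console submissions in a Jenkins access log, which is what a defender would watch for given the console described above. It assumes Jenkins was started with Winstone's SimpleAccessLogger in combined format; the log lines are constructed, and the per-node /computer/<name>/script paths are assumed alongside the controller's /script and /scriptText.

```python
import re
from typing import Dict, List, Optional

# NCSA "combined" access-log line as written by Jenkins' bundled Winstone
# logger when started with (assumed deployment setting):
#   --accessLoggerClassName=winstone.accesslog.SimpleAccessLogger
#   --simpleAccessLogger.format=combined
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Script-console endpoints: controller form and text variants, plus the
# per-agent variants under /computer/<name>/ (assumed paths).
SCRIPT_CONSOLE_RE = re.compile(r'^(?:/computer/[^/]+)?/script(?:Text)?/?$')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format line; None when it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_script_console_exec(rec: Dict[str, str]) -> bool:
    """True only for a POST (script submission), not a GET of the form."""
    path = rec["path"].split("?", 1)[0]
    return rec["method"] == "POST" and bool(SCRIPT_CONSOLE_RE.match(path))


def find_script_console_events(lines: List[str]) -> List[Dict[str, str]]:
    """Return submissions, marking those made without an authenticated user."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_script_console_exec(rec):
            rec["anonymous"] = rec["user"] == "-"  # unauthenticated console use
            events.append(rec)
    return events


# Constructed sample lines; not taken from any real Jenkins instance.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2017:10:14:02 +0000] "GET /script HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2017:10:14:09 +0000] "POST /script HTTP/1.1" 200 5310 "http://jenkins.example/script" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2017:10:15:30 +0000] "POST /scriptText HTTP/1.1" 200 14 "-" "curl/7.52.1"',
    '10.0.0.5 - admin [12/Mar/2017:10:16:00 +0000] "GET /job/build/1/console HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2017:10:17:11 +0000] "POST /computer/agent1/scriptText HTTP/1.1" 200 9 "-" "curl/7.52.1"',
]

if __name__ == "__main__":
    for ev in find_script_console_events(SAMPLE_LOG):
        print(f'{ev["ts"]} {ev["ip"]} user={ev["user"]} {ev["path"]} anonymous={ev["anonymous"]}')
```

An anonymous POST to any of these paths means the console is reachable without authentication, which is the exposed-instance case the story is about; the same check can be run against a real log file by feeding its lines to find_script_console_events.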
