I can't say that I've encountered Jenkins much in the real world but when I worked with large groups of developers they worked independently of each other and Jenkins probably could have helped with that problem but I digress -- that is no longer my world.  

I've heard Jenkins mentioned in the context of pentesting larger organizations and I have two impressions:  First, it's discovered frequently.  Second, it's a sitting duck.  I don't know either to be true but I've wanted to get familiar with it.  I've seen it a few times but not in a situation where I could get a solid foothold. 

Quick sidebar -- I met a red teamer who said he wanted to go through every single exploit in Metasploit to see how it worked.  I understand that concept and this is basically what I'm doing here.  Attack as many things as you can find, become familiar with how they work, and add that knowledge to your toolbox.  It will aid you in pentesting and it will also aid you in securing these applications when you come across them.

I finally found a vulnerable version of Jenkins, version 1.637, and I wanted to work through every angle -- even if some are redundant.

-- UPDATED AGAIN -- MS17-010 PYTHON EXPLOIT

-- UPDATED AT THE BOTTOM OF THE PAGE --

Don't be confused, this is about MS17-010 and the error you'll sometimes see which states:  "Unable to find accessible named pipe!" 

Since I came across this while working, I thought I'd document the steps of how I got here and how I worked to move past it.

I'm on a network with a Windows 2008 Server and when I perform my port scan, I see:

"Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications."  The download can be found here:  https://github.com/rapid7/hackazon

Honestly, when I heard the name, I didn't clue in.  When I saw the interface, I realized I missed the play on words. 

I'd seen this application mentioned somewhere and I wanted to check it out.  Let me start off by saying that if you're a beginner, this is a great application to mess with for a any number of reasons.  If you're seasoned a bit, this might not be worth the effort.