Created
February 26, 2019 23:47
-
-
Save jaml/c1e52e7af2a247758b9e32877ffc96e5 to your computer and use it in GitHub Desktop.
Disable SSL cert verification https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc/blob/1a107e0f5f4cb4ba0c35e6f0ecce512257c66475/exploit.py
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- exploit.py 2019-02-26 18:43:27.142543504 -0500 | |
| +++ exploit_noverify.py 2019-02-26 18:45:43.523191756 -0500 | |
| @@ -10,6 +10,7 @@ | |
| import jenkins | |
| import time | |
| from xml.etree import ElementTree | |
| +import os | |
| payload = ''' | |
| import org.buildobjects.process.ProcBuilder | |
| @@ -21,6 +22,10 @@ | |
| def run_command(url, cmd, job_name, username, password): | |
| + # Disable cert verification | |
| + # https://stackoverflow.com/questions/51210340/jenkins-login-error-using-python-jenkins-cloudbees-jenkins | |
| + os.environ.setdefault("PYTHONHTTPSVERIFY", "0") | |
| + | |
| print '[+] connecting to jenkins...' | |
| server = jenkins.Jenkins(url, username, password) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment