Leroy Jenkins

How many of you use Jenkins or even know what it is? Well, I’ve been running into it quite a bit lately and I found a few ways of using it to gain access to other servers within an enterprise or organization. From the Jenkins website (https://wiki.jenkins-ci.org/display/JENKINS/Meet+Jenkins):

Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Among those things, current Jenkins focuses on the following two jobs:

  1. Building/testing software projects continuously, just like CruiseControl or DamageControl. In a nutshell, Jenkins provides an easy-to-use so-called continuous integration system, making it easier for developers to integrate changes to the project, and making it easier for users to obtain a fresh build. The automated, continuous build increases the productivity.
  2. Monitoring executions of externally-run jobs, such as cron jobs and procmail jobs, even those that are run on a remote machine. For example, with cron, all you receive is regular e-mails that capture the output, and it is up to you to look at them diligently and notice when it broke. Jenkins keeps those outputs and makes it easy for you to notice when something is wrong.

Jenkins is actually a great tool and I love using it now! What is fun and interesting about Jenkins or Hudson (the predecessor to Jenkins) is the ability to use a Groovy script console located on the server as well as on all slave nodes. This is done from the Jenkins server script console URL, http://jenkins-server/script. This will vary per instance, but whatever URL brings up the Jenkins dashboard, just add /script to it and you get the script console. From here you can do anything you can do with a Groovy script. What can this buy you? Well, you can access the OS with some script, you can poll jobs, you can do all sorts of things. Here’s what the dashboard looks like:

[Screenshot: Jenkins dashboard]

Back to Leroy here: Leroy Jenkins automates the whole process. It simplifies the scripting by providing you with a console to run whatever commands you want remotely and on any nodes available. It is available on my GitHub. You can download it by running git clone https://www.github.com/captainhooligan/Leroy-Jenkins.git.

Here’s Leroy’s interface:

[Screenshot: Leroy Jenkins interface]
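For anyone running Jenkins, the script console point above comes down to who holds Administer permission on the instance. The following is an added example, not code from this post or from the Leroy Jenkins tool: a small audit of the config.xml in the Jenkins home directory that reports settings under which anonymous or all logged-in users can reach /script. The sample configs are constructed, and the class and permission names are the ones stock Jenkins and the matrix authorization plugin write, as far as the checks go.

```python
import re
import xml.etree.ElementTree as ET

# Permissions that open the script console: Overall/Administer, plus the
# separate RunScripts permission that older releases had.
CONSOLE_PERMS = {"hudson.model.Hudson.Administer", "hudson.model.Hudson.RunScripts"}
BROAD_SIDS = {"anonymous", "authenticated"}  # built-in "everyone" identities

def audit_config(xml_text):
    """Return findings about who can reach /script, given a Jenkins config.xml."""
    # Newer Jenkins writes an XML 1.1 declaration, which expat refuses to parse.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    if (root.findtext("useSecurity") or "false").strip().lower() != "true":
        return ["security disabled: every visitor can open /script"]
    strategy = root.find("authorizationStrategy")
    if strategy is None:
        return ["no authorizationStrategy element: review manually"]
    cls = strategy.get("class", "")
    findings = []
    if cls.endswith("$Unsecured"):
        findings.append("'anyone can do anything' mode: every visitor is an administrator")
    elif cls.endswith("FullControlOnceLoggedInAuthorizationStrategy"):
        findings.append("every logged-in account is an administrator")
    elif cls.endswith("MatrixAuthorizationStrategy"):
        for perm in strategy.findall("permission"):
            entry = (perm.text or "").strip()
            # Old form 'PERMISSION:sid'; newer plugin versions write
            # 'USER:PERMISSION:sid' or 'GROUP:PERMISSION:sid'.
            entry = re.sub(r"^(USER|GROUP):", "", entry)
            name, _, sid = entry.partition(":")
            if name in CONSOLE_PERMS and sid in BROAD_SIDS:
                findings.append(f"{name} granted to '{sid}'")
    return findings

# Constructed sample configs (trimmed to the elements the audit reads).
WEAK = """<?xml version='1.1' encoding='UTF-8'?>
<hudson><useSecurity>true</useSecurity>
<authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
  <permission>hudson.model.Hudson.Administer:anonymous</permission>
  <permission>hudson.model.Hudson.Read:anonymous</permission>
</authorizationStrategy></hudson>"""
HARDENED = WEAK.replace("Administer:anonymous", "Administer:build-admin")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_config(cfg) or "no broad script-console grants")
```

An empty result only means no broad grant was found in config.xml; named accounts with Administer, and the OS user the Jenkins process runs as, still need a separate review.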

Posted on November 1, 2013, in Explanations, How-tos, Tools. 4 Comments.

  1. very bland read… it’s jenkins ci… who the fuck cares.

    • The people that care are probably the hundreds of thousands that use Jenkins for management. Do a quick Google search for Dashboard [Jenkins] or Dashboard [Hudson] and see how many instances you find. Majority of the instances I have run across run as root. That means if you can access the script console you own everything Jenkins manages. Don’t be condescending because you don’t care. There are plenty that do.

  2. very useful post, thanks!
