Jenkins script console execute windows command

Jenkins script console execute windows command


  • Unauthenticated: Jenkins Edition
  • Running Powershell scripts using Jenkins
  • Exploiting Jenkins Groovy Script Console in Multiple Ways
  • How to execute grovvy script remotely on Jenkins server?
  • Jenkins-CI Script-Console Java Execution - Metasploit
  • Unauthenticated: Jenkins Edition

    In this blog, we will be configuring Jenkins to execute Powershell scripts on Windows. This blog will not be covering Jenkins server set up steps on Windows. You can refer to the following link for Jenkins installation. Click on the Available tab and Enter PowerShell in the filter box. Select the plugin showing by name PowerShell Plugin.

    Download now and install after a restart. The PowerShell plugin is now installed. Select Freestyle project Tick This build is parameterized. Enter the options on new lines inside the Choices text box. Also, provide description for the options mentioned: Scroll down to the Build option and Add build step. Select Windows PowerShell, inside the text box where the below Powershell script is to be supplied: [js] Create Temp Directory where the files will be created.

    Running the Job: Go to the Jenkins home page and execute the job just created. Executing the job will bring a form with the options provided in the parameters specified as in the image below: Click Build. Once the job is complete. To setup remote Powershell scripts we first need to configure Jenkins server for remote Powershell script execution.

    Execute the below command on Powershell window on Jenkins server. The command will add all the remote machine to the trusted list. To enable execution of Powershell scripts remotely execute the following command in Powershell window on Jenkins server.

    It depends on the type of job you are executing on the remote machine as to if you want to use "-ErrorAction Stop" on your Invoke-Command.

    Running Powershell scripts using Jenkins

    If you intend to follow along, be sure you have a few prerequisites in place. The requirements to run Jenkins are so minimal, any modern computer could do it. The examples in this article will all be based on Jenkins running on: Windows 10 Enterprise v.

    Installing Jenkins With the prerequisites taken care of, lets install Jenkins. Installing Jenkins is simple and straight forward. For this article we are using the LTS version. This is the most stable version. As you can see from the screenshot below, there are several options to choose from. Select the Windows version to begin the download. Installing the Windows package for Jenkins Once you have the installer downloaded, extract the zip archive and run the installer accepting all of the defaults.

    Installation is simple. Once the installation is complete, Jenkins will open a browser with the Getting Started page. This page has the initial administrator password to unlock Jenkins to continue the configuration. Providing the administrator password for Jenkins Navigate to the file shown open it up, copy the password shown and use it as the administrator password on the Getting Started page. Installing Plugins Once you log in for the first time, Jenkins will finish the final setup and then ask which plugins to install.

    There are a couple of choices as you can see below in the screenshot. Selecting Install suggested plugins will install the recommended set of plugins based on the most common use scenarios. These include plugins for Authentication providers, GitHub interactions, and Java extensions.

    Highlight Install suggested plugins and click OK. This process will take a few minutes to get the initial plugins installed so now is a good time to get yourself some coffee. Installing plugins in Jenkins Creating the Admin User Once the plugins are installed, the next step is to create our first user.

    This first user is the administrator for Jenkins and will have global permissions, much like the Enterprise Administrator for Windows Server. You can see below what the Create First Admin User page will look like. Creating a Jenkins admin user From this point on, the Jenkins interface is only accessible by entering a valid username and password.

    Setting it to an FQDN will allow remote access much like a website. For this article and to keep things simple, accept the default URL. Navigate to the main dashboard if it is not already open. From the main dashboard, click on Manage Jenkins then click on Configure Global Security to open up the security settings as shown below. It also a good idea untick Allow user to sign up as shown below. Having it checked will allow any user to create an account and give themselves access to Jenkins.

    Looking at the screenshot below, there are other options for authentication. Delegate to servlet container — This is used if you have Docker containers already setup with Jenkins and allows authentication through the container.

    LDAP — This option is used when you already have Active Directory that you want to use for authentication Next, choose the Logged-in users can do anything option.

    In this mode, every logged-in user will have full control of Jenkins. This may not be a good idea for production as this allows any user to make changes to the settings. Configuring global security Enabling the PowerShell plugin With basic security set-up, it is time to configure the PowerShell plugin.

    To install the PowerShell, plugin, navigate to the main dashboard, click Manage Jenkins, then Manage Plugins as shown below. Installing the PowerShell plugin There are hundreds of plug-ins so the best way to find the PowerShell plugin is to search for it. Check the bo, as shown below, to enable it.

    This will allow Jenkins to directly write PowerShell commands and scripts directly into the text boxes within Jenkins and allow Jenkins to invoke PowerShell without having to start a seperate PowerShell conole. You can see below what this might look like. Creating a job The installation of the PowerShell plugin is complete.

    Here comes the fun stuff. In Jenkins, a job is defined as a series of tasks to complete. A common scenario is a job that will start compiling a program when a developer check-ins code. Very similar to Task Manager in Windows server. Jenkins has different project types, sometimes called Pipelines, that focus on specific objectives. The different types of projects will have different settings, options and parameters depending on the type of project you choose.

    You can find more information about the types of projects and when to use them on the Jenkins site. From the main dashboard, click New item. For the job name, enter creating a text file. This is arbitrary but it is a good idea to label it something that makes sense.

    For this article we are going to use the Freestyle project. This offers the most flexibility to create our job. Highlight the Freestyle project and scroll to the bottom and click OK. Creating a Jenkins project This job is going to be a parameterized project. This means that we can prompt users for input and that input will be passed to the job. We can add a prompt to the job that will ask for a filename to include in the build when we run the job.

    Check the This project is a parameterized item from the drop-down list. Click the Add Parameter drop-down and choose String Parameter. The string parameter is where you enter the message you want to include in the text file. Creating a parameterized Jenkins job Then add a second Choice Parameter. It should look like the screen capture below. This option will give the user options to select a an item from the drop down list.

    Adding parameters to the project The job settings should now look something like the screenshot below. Final job Scroll down to the Build section. Click on the small arrow and select Windows PowerShell. This lets Jenkins know we are running a PowerShell script. This is also where we enter the PowerShell script.

    This job is now ready. Click save. This is a simple script that will create temp directory under the root, if it is not already there and create a text file in that directory.

    Running the job Finally, you are ready to run your first job. See below. Our new Jenkins job Click on the clock icon on the far right and bring up the job form. Setting parameters on Jenkins job In the message box, enter the text you want to insert into the text file. Once the build is done, click on the console output. The console output shows the status of the job and if the job run was successful.

    Console output from job Now all that is left to do is open file manager and check out the file. Navigate to the temp directory and open the text file. It will have the same text as you entered in the build message box.

    Final outcome of Jenkins job Summary You now have a basic understanding of Jenkins. It is a powerful tool that can be used to manage your PowerShell scripts.

    Exploiting Jenkins Groovy Script Console in Multiple Ways

    It also a good idea untick Allow user to sign up as shown below. Having it checked will allow any user to create an account and give themselves access to Jenkins. Looking at the screenshot below, there are other options for authentication.

    Delegate to servlet container — This is used if you have Docker containers already setup with Jenkins and allows authentication through the container. LDAP — This option is used when you already have Active Directory that you want to use for authentication Next, choose the Logged-in users can do anything option.

    In this mode, every logged-in user will have full control of Jenkins.

    How to execute grovvy script remotely on Jenkins server?

    This may not be a good idea for production as this allows any user to make changes to the settings. Configuring global security Enabling the PowerShell plugin With basic security set-up, it is time to configure the PowerShell plugin.

    To install the PowerShell, plugin, navigate to the main dashboard, click Manage Jenkins, then Manage Plugins as shown below. Installing the PowerShell plugin There are hundreds of plug-ins so the best way to find the PowerShell plugin is to search for it.

    Check the bo, as shown below, to enable it. This will allow Jenkins to directly write PowerShell commands and scripts directly into the text boxes within Jenkins and allow Jenkins to invoke PowerShell without having to start a seperate PowerShell conole.

    You can see below what this might look like. Creating a job The installation of the PowerShell plugin is complete. Here comes the fun stuff. In Jenkins, a job is defined as a series of tasks to complete.

    A common scenario is a job that will start compiling a program when a developer check-ins code. Very similar to Task Manager in Windows server. Jenkins has different project types, sometimes called Pipelines, that focus on specific objectives.

    The different types of projects will have different settings, options and parameters depending on the type of project you choose. You can find more information about the types of projects and when to use them on the Jenkins site.

    From the main dashboard, click New item. For the job name, enter creating a text file. This is arbitrary but it is a good idea to label it something that makes sense. For this article we are going to use the Freestyle project. This offers the most flexibility to create our job.

    Highlight the Freestyle project and scroll to the bottom and click OK. Select Freestyle project Tick This build is parameterized. Enter the options on new lines inside the Choices text box. Also, provide description for the options mentioned: Scroll down to the Build option and Add build step.

    Select Windows PowerShell, inside the text box where the below Powershell script is to be supplied: [js] Create Temp Directory where the files will be created. Running the Job: Go to the Jenkins home page and execute the job just created.

    Executing the job will bring a form with the options provided in the parameters specified as in the image below: Click Build. Exploits are not always used in targeted breaches. However, recently, a Jenkins vulnerability was observed being used on several occasions. Java Deserialization The Java deserialization vulnerability CVE can be leveraged to gain remote code execution on unpatched Jenkins servers.

    In cases where exploits were not used, adversaries commonly leveraged previously compromised credentials or misconfigured Jenkins servers to obtain access. By default, Jenkins requires authentication, but this is commonly changed by development teams and can leave the server vulnerable, depending on how it is configured.

    One of the most common misconfigurations is the anonymous read access delegation within the Global Security Configuration shown below. While not enabled by default, anonymous read access can be leveraged to access build history and the credentials plugin. In some cases, anonymous script console access was also enabled, which would enable full access to openfoam meshing Java runtime allowing command execution.

    Locking down access to Jenkins, in particular the web console, is highly recommended because improperly configured authentication plugins are common ways attackers gain access to Jenkins and further their mission. Authentication plugins allow development teams to customize logins to their environments.

    Jenkins-CI Script-Console Java Execution - Metasploit

    These plugins vary across organizations, for example, organizations without Active Directory may select to use the Google Login Plugin. It is important to note that regardless of implementation, these authentication methods should be properly secured. Adversaries have been observed leveraging authentication methods to obtain web console access and therefore, these methods should be thoroughly tested for edge cases.

    For example, if using the Active Directory Pluginare all active directory users allowed authentication to the web console? If so, an attacker that has obtained domain credentials will be able to authenticate and attempt exploitation of the Jenkins server. If the script console were to be accessed, the attacker would have full control of the system with relative ease.

    In general, it is recommended that you use a service account with limited permissions on the local system. Linux By default, when installed on Linux, Jenkins will create a service account. This user account is not given sudo or root access by default, however, this is always worth checking. If the script console were to be accessed, the attacker would have the same permissions as the Jenkins service account.

    Script Console The Jenkins script console is an application viewed in the web console that allows users to execute Jenkins Groovy scripts. When accessed, the script console allows full access to Java and can be leveraged to do anything within the Java runtime process.

    Most notable is the ability to execute commands, as shown below for both Linux and Windows installations. From here, an attacker could spawn a beacon, list files, decrypt stored passwords, etc. It is important to note that using the execute method, all commands are run as child processes of the Java process Java.


    thoughts on “Jenkins script console execute windows command

    Leave a Reply

    Your email address will not be published. Required fields are marked *