INTELWAR.PRESS

References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln versions: Jenkins < 2.137 (preauth) Pipeline: Declarative Plugin up to and including 1.3.4 Pipeline: Groovy Plugin up…

While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes. You might want to know this if you read the decrypting…

While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes. You might want to know this if you read the decrypting…

Today on The Survival Podcast I take your questions on business, the census, guns, monetizing skills, grapes, health, gardening, mulching, plant propagation, CBD oils, generators and more. Make sure if…

Well for once a workshop didn’t sell out right away. We still have a few spots open. The workshop is now open to any and all. You can sign up…

For all the bluster about immigration, the idea that immigrants pose a unique crime problem still doesn't show up in the data. Alex Nowrasteh discusses his new paper. Hosted on…

For all the bluster about immigration, the idea that immigrants pose a unique crime problem still doesn't show up in the data. Alex Nowrasteh discusses his new paper. Hosted on…

The link to sign up for the April 2019 Spring Workshop is now in the main page of your MSB account. Just login to your MSB account and you will…

Today its Friday so it’s time for the expert council show. To ask a question for a show like this, just send an email to me at jack at thesurvivalpodcast.com…

What grants border patrol agents more invasive powers in a 100-mile wide band around the edges of the United States? Chris Montoya is a former longtime Customs and Border Patrol…

What grants border patrol agents more invasive powers in a 100-mile wide band around the edges of the United States? Chris Montoya is a former longtime Customs and Border Patrol…

A new proposal would expand Medicare to include Americans as young as 50. It's a throw-money-at-it solution to problems largely caused by government intervention in health care, according to Cato’s…

A new proposal would expand Medicare to include Americans as young as 50. It's a throw-money-at-it solution to problems largely caused by government intervention in health care, according to Cato’s…

Today on The Survival Podcast I take your phone calls on beef, reloading, soils, fish, guns, ducks, winter weather, land and more. Remember to be on a show like this…

If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You…

If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You…

Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 P...

Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 P...

API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission…

API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission…

A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6e...

A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2 Using the terminal plugin to get RCE https://sharadchhetri.com/2018/12/02/managing-jenkins-plugins/ Getting started with Jenkins Plugins https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Vulns…

Blair is a wellness oriented RN. Beyond her experience as a registered nurse, she has worked as a health and physical educator, an exercise physiologist, personal trainer, and nutrition consultant.…

After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post…