koutto/web-brutator

Password misreport

Opened this issue · 2 comments

Scanning Jenkins ver. 2.46.1 has false positives

xxxx@debian:/opt/tools/scan/web-brutator$ python3 web-brutator.py --url http://xxxxxxxx3:8080 --target jenkins -u admin -P xxxx.txt -s

 __      __      ___.            __________                __          __                
/  \    /  \ ____\_ |__          \______   \_______ __ ___/  |______ _/  |_  ___________ 
\   \/\/   // __ \| __ \   ______ |    |  _/\_  __ \  |  \   __\__  \   __\ /  _ \_  _ _\
 \        /\  ___/| \_\ \ /_____/ |    |   \ |  | \/  |  /|  |  / __ \|  | (  <_> )  | \/
  \__/\  /  \___  >___  /         |______  / |__|  |____/ |__| (____  /__|  \____/|__|   
       \/       \/    \/                 \/                         \/                   
                                                                        Version 0.2

[*] Check if target http://1xxxxxx:8080 is reachable...
[+] Connection to target OK. HTTP Status 200
[*] Number of creds that will be tested: 2104
[*] Jenkins administration console detected: http://1xxxxxxx3:8080/login
[*] Starting bruteforce with 10 threads...
Found jenkins creds: admin:%null%
Found jenkins creds: admin:!@#$%^&*
Found jenkins creds: admin:00000000
Found jenkins creds: admin:!@#$%^&
Found jenkins creds: admin:000000
Found jenkins creds: admin:!@#$%^
Found jenkins creds: admin:!@#$
Found jenkins creds: admin:%username%
Found jenkins creds: admin:0123456789
Found jenkins creds: admin:!@#$%

[*] Bruteforce finished !

Hi,
Can you paste here the HTTP response (headers + HTML code) you received when trying random creds on your target Jenkins interface?
Thanks

The correct password is admin admin

Request-1:

POST /j_acegi_security_check HTTP/1.1
Host: 1.1.1.1:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 46
Content-Type: application/x-www-form-urlencoded

j_username=admin&j_password=1&Submit=Sign%2Bin

Response-1:

HTTP/1.1 302 Found
Date: Wed, 10 Feb 2021 06:07:03 GMT
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID.a53e21fb=64bncepa55un1l76xyl6ltcba;Path=/;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=;Version=1;Path=/;Expires=Thu, 01-Jan-1970 00:00:00 GMT;Max-Age=0
Location: http://1.1.1.1:8080/loginError
Content-Length: 0
Server: Jetty(9.2.z-SNAPSHOT)

Request-2:

GET /loginError HTTP/1.1
Host: 1.1.1.1:8080
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: JSESSIONID.a53e21fb=64bncepa55un1l76xyl6ltcba

Response-2:

HTTP/1.1 401 Unauthorized
Date: Wed, 10 Feb 2021 06:07:03 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-Hudson-Theme: default
Content-Type: text/html;charset=UTF-8
X-Hudson: 1.395
X-Jenkins: 2.46.1
X-Jenkins-Session: abe59c05
X-Hudson-CLI-Port: 40808
X-Jenkins-CLI-Port: 40808
X-Jenkins-CLI2-Port: 40808
X-Frame-Options: sameorigin
X-Instance-Identity: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu9uxTQ9m91dbfkd/JVJ690ofe43DG74arY+jf83iCysioykPNhqK6AlSUrwoMxRpVq/L2W+Ax+5rWxSKJzPdyWhbrAlseELD8Cs4qNIA3X6tVpOMYTMh3PQ9J3SuoeHJXcsOUjNg0V9tKC2LWbE0rnYCllFUNrnhduXzCQ0WdWAnO2tiqIMANO6zvte3S6Yg5JmtE7WH8dDf0tJBBRAOeK4KC+XeSaeb3/WqHtoboHimhLR67AysqEe9kVA5ktMcGFtwwsHw63xQO05bvdd3RMeJHRcsV4GXv9xZYxxPnfEGYKxpmf+6+Mc1AjXOUuHkupAe1tDI1mxkfZxBR1mMwIDAQAB
X-SSH-Endpoint: 1.1.1.1:33284
Content-Length: 2311
Server: Jetty(9.2.z-SNAPSHOT)

[2311-byte gzip-compressed HTML body of the /loginError page (Content-Encoding: gzip), not readable as pasted; omitted]
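The capture above shows the whole Jenkins form-login exchange: a POST to /j_acegi_security_check answered by a 302 whose Location ends in /loginError when the password is wrong, followed by a 401 on /loginError. The thread does not establish why web-brutator reported the passwords it did, so the following is an added example (my own Python, not web-brutator's code) of the two checks a practitioner would run before trusting such a result: whether the form body preserves every byte of the password, and how to derive a failure/success verdict from the first response. The rule "302 to /loginError is failure, 302 anywhere else is success" is an assumption inferred from Response-1, not something the page states; the header sample is constructed from that response.

```python
import urllib.parse

# Added example, not web-brutator's own code. Models the exchange captured in
# the thread: POST /j_acegi_security_check, then a 302 whose Location ends in
# /loginError on a bad password. Treating a 302 to any other location as
# success is an assumption drawn from that capture, not a documented contract.

FAILURE_PATH = "/loginError"   # taken from the captured Location header


def naive_login_body(username, password):
    """Form body built by string concatenation (the fragile way).
    '&', '%', '#' or '+' inside the password are sent raw."""
    return f"j_username={username}&j_password={password}&Submit=Sign+in"


def build_login_body(username, password):
    """Form body built with urlencode, so every byte of the password survives."""
    return urllib.parse.urlencode(
        {"j_username": username, "j_password": password, "Submit": "Sign in"}
    )


def recovered_password(body):
    """What a form parser on the receiving end sees in j_password."""
    fields = urllib.parse.parse_qs(body, keep_blank_values=True)
    return fields.get("j_password", [""])[0]


def check_wordlist_encoding(passwords):
    """Return the candidates that a concatenated body would mangle before
    they ever reach Jenkins (a classic source of both false positives and
    false negatives in form brute-forcers)."""
    return [p for p in passwords
            if recovered_password(naive_login_body("admin", p)) != p]


def classify_login_response(status, headers):
    """Map the first response of the exchange to 'failure', 'success' or 'unknown'.

    Header names are matched case-insensitively. Only the URL path of
    Location is inspected, so a host or port that differs from the one we
    posted to (proxies, redirect rewriting) does not change the verdict."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 302:
        location = hdrs.get("location")
        if location is None:
            return "unknown"                # a 302 without Location tells us nothing
        path = urllib.parse.urlsplit(location).path
        if path.rstrip("/").endswith(FAILURE_PATH):
            return "failure"
        return "success"                    # assumption: redirect away from the error page
    if status in (401, 403):
        return "failure"
    return "unknown"


# Constructed sample: the headers from Response-1 in the thread.
SAMPLE_FAILURE_HEADERS = {
    "Date": "Wed, 10 Feb 2021 06:07:03 GMT",
    "Location": "http://1.1.1.1:8080/loginError",
    "Content-Length": "0",
    "Server": "Jetty(9.2.z-SNAPSHOT)",
}

# The ten candidates the tool reported in the issue.
REPORTED = ["%null%", "!@#$%^&*", "00000000", "!@#$%^&", "000000",
            "!@#$%^", "!@#$", "%username%", "0123456789", "!@#$%"]


if __name__ == "__main__":
    print("mangled by naive encoding:", check_wordlist_encoding(REPORTED))
    print("Response-1 verdict:", classify_login_response(302, SAMPLE_FAILURE_HEADERS))
    print("encoded body:", build_login_body("admin", "!@#$%^&*"))
```

Running it shows that a concatenated body silently truncates any candidate containing `&` (the parser splits the password at that character), while the urlencoded body round-trips every candidate; only a correct verdict on the first 302, keyed on the Location path rather than on the status code alone, separates a real hit from the /loginError redirect seen in the capture.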