How I found misconfigured Jenkins instances of different organizations

Shodan search engine

Shodan is a search engine that lets users find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, the metadata a server sends back to a client when it connects.

One interesting thing is that Shodan also supports dorks (search filters) to narrow the results. Here is the list of shodan-dorks. They return results for open webcams, IP cameras, ICS and SCADA systems, printers, home devices, IoT devices, unsecured routers, and so on. In simple words, it is a search engine for internet-connected devices.

[Screenshot: list of users who have access to the instance]
[Screenshot: build result]
  • Use of default credentials.
  • If the instance offers a third-party login (sign in with GitHub, etc.), try logging in with those accounts.
  • Reading secrets and keys out of build console output.
  • Extracting keys from the Jenkins configuration and using them to reach private repositories.
  • RCE through the terminal plugin (or the built-in Groovy script console) in the Jenkins dashboard.
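As an added example (not code from the original post), the following Python helper turns the checks above into something repeatable. It rates an instance from the HTTP status codes of anonymous requests to a few well-known Jenkins paths, and scans saved console output for the kinds of credentials listed above. The `X-Jenkins` header, the `/api/json`, `/script` and `/manage` paths and the meaning of a 200 on `/script` (anonymous has Administer, so the script console and therefore code execution are reachable) are real Jenkins behaviour; the sample probe results and the sample console log are constructed for this example, and the AWS key shown is the documented AWS example key, not a live one.

```python
import re

# Paths an anonymous probe fetches. /script is the Groovy script console and
# /manage the admin page; both answer 200 only if anonymous has Administer.
JENKINS_PROBE_PATHS = ("/api/json", "/script", "/manage")


def classify_exposure(headers, status_by_path):
    """Rate what an unauthenticated visitor can do on a Jenkins instance.

    headers:        response headers from GET / (dict; case-insensitive keys)
    status_by_path: HTTP status of anonymous GETs to JENKINS_PROBE_PATHS
    Returns one of: not-jenkins, auth-required, unknown, anonymous-read,
    anonymous-admin.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    if "x-jenkins" not in lowered:
        return "not-jenkins"
    api = status_by_path.get("/api/json")
    if api in (401, 403):
        # Anonymous has no Overall/Read: nothing to see without a login.
        return "auth-required"
    if api != 200:
        return "unknown"
    # Anonymous can read jobs, build history and console output. Check whether
    # it can also administer the instance (script console -> RCE).
    if all(status_by_path.get(p) == 200 for p in ("/script", "/manage")):
        return "anonymous-admin"
    return "anonymous-read"


# Regexes for secrets that commonly leak into build logs. The AWS and GitHub
# formats are the documented token shapes; the last one is a generic catch
# for "SOMETHING_PASSWORD=value" style environment dumps.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"(?i)\b\w*(?:password|passwd|pwd|token|secret)\w*\s*[=:]\s*\S+"
    ),
}


def find_secrets(console_text):
    """Return (pattern_name, line_number, matched_text) for each likely secret."""
    hits = []
    for lineno, line in enumerate(console_text.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                hits.append((name, lineno, match.group(0)))
    return hits


# Constructed sample data: probe results for an imaginary open instance and a
# console log of the kind an anonymous-read instance exposes. Not real hosts.
SAMPLE_HEADERS = {"X-Jenkins": "2.x", "Server": "Jetty"}
SAMPLE_OPEN_INSTANCE = {"/api/json": 200, "/script": 200, "/manage": 200}
SAMPLE_READ_ONLY_INSTANCE = {"/api/json": 200, "/script": 403, "/manage": 403}

SAMPLE_CONSOLE = """\
Started by user anonymous
[Pipeline] sh
+ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+ git clone https://ghp_0123456789abcdef0123456789abcdef0123@github.com/example/private-repo.git
Finished: SUCCESS
"""


if __name__ == "__main__":
    print("open instance:", classify_exposure(SAMPLE_HEADERS, SAMPLE_OPEN_INSTANCE))
    print("read-only instance:", classify_exposure(SAMPLE_HEADERS, SAMPLE_READ_ONLY_INSTANCE))
    for name, lineno, text in find_secrets(SAMPLE_CONSOLE):
        print(f"line {lineno}: {name}: {text}")
```

The two functions are pure so they can be pointed at saved responses and downloaded `consoleText` files without touching the network; the probe itself (an HTTP client that fetches `/`, `/api/json`, `/script` and `/manage` without credentials and records the status codes) is left to the reader. An `anonymous-read` result is already a finding: the job list, build history and console output are exactly where the leaked keys above come from.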
