Jenkins Server Broadcast Enumeration - Metasploit

This page contains detailed information about how to use the auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Table Of Contents

hide

Module Overview

Module Ranking and Traits
Basic Usage

Knowledge Base

Verification Steps
Options

Msfconsole Usage

Module Options
Advanced Options
Auxiliary Actions
Evasion Options

Related Pull Requests
References
See Also
Authors
Version

Module Overview

Name: Jenkins Server Broadcast Enumeration
Module: auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum
Source code: modules/auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum.rb
Disclosure date: -
Last modification time: 2019-03-05 04:43:37 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This module sends out a udp broadcast packet querying for any Jenkins servers on the local network. Be advised that while this module does not identify the port on which Jenkins is running, the default port for Jenkins is 8080.

Module Ranking and Traits

Module Ranking:

normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage

msf > use auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum
msf auxiliary(jenkins_udp_broadcast_enum) > show targets
    ... a list of targets ...
msf auxiliary(jenkins_udp_broadcast_enum) > set TARGET target-id
msf auxiliary(jenkins_udp_broadcast_enum) > show options
    ... show and set options ...
msf auxiliary(jenkins_udp_broadcast_enum) > exploit

Knowledge Base

Jenkins is an open source tool that provides continuous integration services for software development. This module will attempt to find Jenkins servers by performing a UDP broadcast.

To use this module, you should be on the same network as the Jenkins server(s).

Verification Steps

To test this module, you must make sure there is at least one Jenkins server on the same network. To download Jenkins, please follow this link:

https://jenkins.io/

Options

Unlike most Metasploit modules, jenkins_udp_broadcast_enum does not have any datastore options to configure. So all you have to do is load it, and run, like this:

msf auxiliary(jenkins_udp_broadcast_enum) > run

[*] Sending Jenkins UDP Broadcast Probe ...
[*] 192.168.1.96 - Found Jenkins Server 1.638 Version
[*] Auxiliary module execution completed

Once you have found the Jenkins server, you should be able to browse to the web server. And by default, that port is 8080.

Go back to menu.

Msfconsole Usage

Here is how the scanner/jenkins/jenkins_udp_broadcast_enum auxiliary module looks in the msfconsole:

msf6 > use auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum

msf6 auxiliary(scanner/jenkins/jenkins_udp_broadcast_enum) > show info

       Name: Jenkins Server Broadcast Enumeration
     Module: auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  Adam Compton <[email protected]>
  Matt Schmidt <[email protected]>

Check supported:
  No

Description:
  This module sends out a udp broadcast packet querying for any 
  Jenkins servers on the local network. Be advised that while this 
  module does not identify the port on which Jenkins is running, the 
  default port for Jenkins is 8080.

References:
  https://wiki.jenkins-ci.org/display/JENKINS/Auto-discovering+Jenkins+on+the+network

Module Options

This is a complete list of options available in the scanner/jenkins/jenkins_udp_broadcast_enum auxiliary module:

msf6 auxiliary(scanner/jenkins/jenkins_udp_broadcast_enum) > show options

Module options (auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Advanced Options

Here is a complete list of advanced options supported by the scanner/jenkins/jenkins_udp_broadcast_enum auxiliary module:

msf6 auxiliary(scanner/jenkins/jenkins_udp_broadcast_enum) > show advanced

Module advanced options (auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   CHOST                       no        The local client address
   CPORT                       no        The local client port
   VERBOSE    false            no        Enable detailed status messages
   WORKSPACE                   no        Specify the workspace for this module

Auxiliary Actions

This is a list of all auxiliary actions that the scanner/jenkins/jenkins_udp_broadcast_enum module can do:

msf6 auxiliary(scanner/jenkins/jenkins_udp_broadcast_enum) > show actions

Auxiliary actions:

   Name  Description
   ----  -----------

Evasion Options

Here is the full list of possible evasion options supported by the scanner/jenkins/jenkins_udp_broadcast_enum auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 auxiliary(scanner/jenkins/jenkins_udp_broadcast_enum) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Go back to menu.

References

Authors

Adam Compton <[email protected]>
Matt Schmidt <[email protected]>

Version

This page has been produced using Metasploit Framework version 6.2.23-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.

Jenkins Server Broadcast Enumeration - Metasploit

Module Overview

Module Ranking and Traits

Basic Usage

Knowledge Base

Verification Steps

Options

Msfconsole Usage

Module Options

Advanced Options

Auxiliary Actions

Evasion Options

References

See Also

Authors

Version

Nessus Plugin Library

Solving Problems with Office 365 Email from GoDaddy

Empire Module Library

CrackMapExec Module Library

Metasploit Android Modules

Top 16 Active Directory Vulnerabilities

Top 10 Vulnerabilities: Internal Infrastructure Pentest

Terminal Escape Injection

Cisco Password Cracking and Decrypting Guide

Capture Passwords using Wireshark

SSH Brute Force Attack Tool using PuTTY / Plink (ssh-putty-brute.ps1)

SMB Brute Force Attack Tool in PowerShell (SMBLogin.ps1)

Port Scanner in PowerShell (TCP/UDP)

Nessus CSV Parser and Extractor

Default Password Scanner (default-http-login-hunter.sh)

Jenkins Server Broadcast Enumeration - Metasploit

Module Overview

Module Ranking and Traits

Basic Usage

Knowledge Base

Verification Steps

Options

Msfconsole Usage

Module Options

Advanced Options

Auxiliary Actions

Evasion Options

Related Pull Requests

References

See Also

Authors

Version