Jenkins Pentest Lab Setup

Hey! You all know that we have performed many CTF challenges, and we came across Jenkins in several of them. So let’s get to know Jenkins better. In this article we set up our own Jenkins lab so that the challenges you will face when Jenkins turns up in a CTF become easier to work through. So let’s do it.


Table of Contents

Introduction of Jenkins

Lab setup

  • Install Java
  • Import the GPG keys
  • Add the Jenkins repository
  • Install Jenkins
  • Setup Jenkins

Jenkins penetration testing

Exploiting Groovy Script

Introduction of Jenkins

Jenkins is an open source automation server written in Java that offers a simple way to set up a continuous CI/CD pipeline. It supports version control tools including AccuRev, CVS, Subversion, Git, Mercurial, Perforce, TD/OMS, ClearCase and RTC, and can execute Apache Ant, Apache Maven and sbt based projects as well as arbitrary shell scripts and Windows batch commands. The creator of Jenkins is Kohsuke Kawaguchi. Jenkins achieves continuous integration with the help of plugins, which allow the integration of the various DevOps stages. If you want to integrate a particular tool, you need to install the plugin for that tool, for example Git, Maven 2 project, Amazon EC2 or HTML publisher.

Lab setup

Install Java

Now we need to install Jenkins, and for this it is mandatory that you are logged in as root or as a user with sudo privileges. Because Jenkins is a Java application, installing Java is the first step. Update the package index and install the OpenJDK Java 8 package using the following commands:

sudo apt update
sudo apt install openjdk-8-jdk

Import the GPG keys

wget -q -O - | sudo apt-key add -

Add the Jenkins repository

When the key is added, the system returns OK. Next, add the Debian package repository to the server’s source list and refresh the package index:

sudo sh -c 'echo deb binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt update

Install Jenkins

The Jenkins version in the default Ubuntu packages is often behind the project’s latest release, so you can use the project-maintained packages to take advantage of the latest fixes and features. Now open the Kali terminal, install Jenkins and allow its port through the firewall with the commands below:

sudo apt install jenkins
sudo ufw allow 8080

You can use the systemctl status command to check that Jenkins has started successfully:

systemctl status jenkins

Visit Jenkins on its default port 8080 to set up your installation, using your server’s domain name or IP address: http://<your-server-IP-or-domain>:8080

You should see the Unlock Jenkins screen displaying the location of the initial password:

In the terminal window, use the cat command to display the password:

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the password from your terminal, paste it into the Administrator password field and click Continue.

On the next page, you will be asked whether you want to install the suggested plugins or select specific plugins. Click the Install suggested plugins box and the plugin installation starts immediately.

In my case, it took a long time for all the plugins to install successfully.

Once the installation is complete, you will get another page to create the first admin user account. Fill in all the essential details and click “Save and Continue”.

After confirming the corresponding information, click Save and Finish. You will see a confirmation page saying “Jenkins is ready”; click Start using Jenkins to visit the Jenkins main dashboard.

That’s wonderful! You have successfully installed Jenkins on your system.
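Before moving on to the pentesting part, it is worth confirming that the lab came up as described above: the service is running, the instance answers on port 8080, and the secrets directory that holds initialAdminPassword is readable only by its owner. The script below is an added example for this article (not the author’s or the Jenkins project’s code) and assumes the default URL and secrets path used in the setup steps.

```bash
#!/usr/bin/env bash
# Post-install check for the Jenkins lab set up above (added example, not from the original article).
set -u

# Assumed defaults, matching the setup steps; override via the environment if your lab differs.
JENKINS_URL="${JENKINS_URL:-http://localhost:8080}"
SECRETS_DIR="${SECRETS_DIR:-/var/lib/jenkins/secrets}"

# Read raw HTTP response headers on stdin and print the value of the X-Jenkins header,
# which Jenkins adds to its responses and which carries the running version.
jenkins_version_from_headers() {
  tr -d '\r' | awk 'tolower($1) == "x-jenkins:" { print $2; exit }'
}

# Return 0 if the given path exists and grants no permissions to group or others
# (e.g. mode 700). The initial admin password lives here, so it must stay private.
secrets_mode_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  case "$mode" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

main() {
  if systemctl is-active --quiet jenkins 2>/dev/null; then
    echo "[+] jenkins service is active"
  else
    echo "[-] jenkins service is not active"
  fi

  ver=$(curl -sI --max-time 5 "$JENKINS_URL/login" 2>/dev/null | jenkins_version_from_headers)
  if [ -n "$ver" ]; then
    echo "[+] Jenkins $ver is answering at $JENKINS_URL"
  else
    echo "[-] no X-Jenkins header received from $JENKINS_URL"
  fi

  if secrets_mode_ok "$SECRETS_DIR"; then
    echo "[+] $SECRETS_DIR is private (mode $(stat -c '%a' "$SECRETS_DIR"))"
  else
    echo "[-] $SECRETS_DIR is missing or readable by group/others"
  fi
}

# Run the checks only when invoked with --run, so the functions can also be sourced.
[ "${1:-}" = "--run" ] && main
```

Run it as `sudo bash check_jenkins_lab.sh --run` on the lab host; sudo is needed because the secrets directory is owned by the jenkins user.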