Jenkins Pentest Lab Setup


You all know that we have performed so many ctf challenges and we got to know about jenkins there.so lets know about jenkins better. For this we are here with the new challenges which you will face peforming ctf challenges.to do it in a easier way we are here with a new article.so let’s do it.

Table of Content
·         Install java
·         Import the GPG keys
·         Setup Jenkins
Jenkins penetration testing
Exploiting Groovy Script


Introduction of Jenkins

Jenkins is an open source automation server written in Java that offers a simple way to set up a continuous CI / CD pipeline.  It supports version control tools,including AccuRevCVSSubversionGitMercurialPerforceTD/OMSClearCase and RTC, and can execute Apache AntApache Maven and sbt based projects as well as arbitrary shell scripts and Windows batch commands. The creator of Jenkins is Kohsuke Kawaguch. Jenkins achieves Continuous Integration with the help of plugins. Plugins allows the integration of Various DevOps stages. If you want to integrate a particular tool, you need to install the plugins for that tool. For example: Git, Maven 2 project, Amazon EC2, HTML publisher etc.

Lab setup

Install Java
Now we need to install Jenkins and for this it is mandatory that you are logged in from sudo user or root. Because Jenkins is a Java application, installing Java is the first step. Update the package index and install the OpenJDK Java 8 package using the following commands:
sudo apt update
sudo apt install openjdk-8-jdk

wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
Install Jenkins
When the key is added, the system returns all right. Next, add the Debian package repository to the source list of the server:
sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt update
The Jenkins version with the default Ubuntu packages is often behind the project's latest version. You can use project-maintained packages to install Jenkins to take advantage of the latest fixes and features. Now open the kali terminal and install Jenkins from the given link below-
sudo apt install Jenkins
sudo ufw allow 8080
You can use its status command to check that Jenkins has successfully started.
systemctl status jenkins
Visit Jenkins on its default port 8080 to set up your installation using your server domain name or IP address: http:/your server ip or domain:8080
You should see the Unlock Jenkins screen displaying the location of the initial password:
In the terminal window, you need to use the cat command to display the password:
sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the password from your terminal and paste it into the Administrator password field and click Continue.

On the next page, you will be asked if you want to install suggested plugins or if you want to select specific plugins. Click the Install suggested plugins box and start the process of installation plugin instantly.
In my case it took so much time to get all plugin installed successfully. 

Once the installation is completed, you will get another page to create First Admin user account, fill the all essential details and click on “Save and Continue”.
You will see a confirmation page that "Jenkins is ready”. To visit Jenkins main dashboard, click Start using Jenkins Click Save and Finish after confirming the corresponding information.
That’s wonderful! You have successfully installed Jenkins on your system.

0 comments:

Post a Comment