<p dir="ltr">Interesting. But hundreds of connections to random Chinese computers should have also been a tip off, regardless of protocols used. Still good work overall. The Jenkins vulns are concerning because Cyanogenmod, TeamWin / TWRP, openstack, and tons of other projects depend on the security of Jenkins project build systems not being compromised. To know how bad Jenkins is, I found more 0day in Jenkins recently in 5 minutes of just skimming and used it to PoC hack one of the main developers of Jenkins, which I could have used to own millions of mobile phones and openstack servers by committing a simple backdoor upstream. I'm a whitehat though. But you should really fear Jenkins because surely the Chinese / NSA and others have owned numerous projects with it. Here is a screenshot of me popping a remote shell on a Jenkins core developer with commit access...yes really...</p>
<p dir="ltr"><a href="https://s23.postimg.org/6qnenzbbv/tmp_20410_Screenshot_from_2016_03_10_12_13_17119.png">https://s23.postimg.org/6qnenzbbv/tmp_20410_Screenshot_from_2016_03_10_12_13_17119.png</a></p>
<p dir="ltr">I have not shared the numerous 0day with anyone but a small select group of people and only one of the vulns to the Jenkins team. This is a big hint for Google Project Zero to invest some effort there if they haven't already ;) Jenkins team says they will make "big changes" when v2.0 is released, but I can smell backdoors already have been added upstream and other exploitable vectors will be around even if they really do enable "security by default" in the next major release..</p>
<div class="gmail_quot<blockquote class=" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr"><a href="http://slides.com/eldraco/robots-vs-robots" target="_blank">http://slides.com/eldraco/robots-vs-robots</a></p>
<p dir="ltr">Possibly relevant to discussion :)</p>
<br>_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" rel="noreferrer" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br>
<br></div>