Pentest Lab Setup

Penetration Testing Lab Setup: Jenkins

Hey! You all know that we have performed so many CTF challenges and we got to know about Jenkins there. So let’s know about Jenkins better. For this, we are here with the new challenges which you will face while performing CTF challenges. To do it in an easier way we are here with a new article. So let’s do it.

Table of Content

Introduction of Jenkins

Lab setup

  • Install Java
  • Import the GPG keys
  • Add the Jenkins repository
  • Install Jenkins
  • Setup Jenkins

Jenkins penetration testing

Exploiting Groovy Script

Introduction of Jenkins

Jenkins is an open source automation server written in Java that offers a simple way to set up a continuous CI / CD pipeline. It supports version control tools, including AccuRev, CVS, Subversion, Git, Mercurial, Perforce, TD/OMS, ClearCase, and RTC, and can execute Apache Ant, Apache Maven, and sbt based projects as well as arbitrary shell scripts and Windows batch commands. The creator of Jenkins is Kohsuke Kawaguch. Jenkins achieves Continuous Integration with the help of plugins. Plugins allow the integration of Various DevOps stages. If you want to integrate a particular tool, you need to install the plugins for that tool. For example Git, Maven 2 project, Amazon EC2, HTML publisher etc.

Lab setup

Install Java

Now we need to install Jenkins and for this, it is mandatory that you are logged in from sudo user or root. Because Jenkins is a Java application, installing Java is the first step. Update the package index and install the OpenJDK Java 8 package using the following commands:

sudo apt update
sudo apt install openjdk-8-jdk

Import the GPG keys

wget -q -O - | sudo apt-key add -

Install Jenkins

When the key is added, the system returns all right. Next, add the Debian package repository to the source list of the server:

sudo sh -c 'echo deb binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt update

The Jenkins version with the default Ubuntu packages is often behind the project’s latest version. You can use project-maintained packages to install Jenkins to take advantage of the latest fixes and features. Now open the kali terminal and install Jenkins from the given link below-

sudo apt install jenkins
sudo ufw allow 8080

You can use its status command to check that Jenkins has successfully started.

systemctl status jenkins

Visit Jenkins on its default port 8080 to set up your installation using your server domain name or IP address: http://your server IP or domain:8080

You should see the Unlock Jenkins screen displaying the location of the initial password:

In the terminal window, you need to use the cat command to display the password:

Copy the password from your terminal

sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the password from your terminal and paste it into the Administrator password field and click Continue.

On the next page, you will be asked if you want to install suggested plugins or if you want to select specific plugins. Click the Install suggested plugins box and start the process of installation plugin instantly.

In my case, it took so much time to get all plugin installed successfully. 

Once the installation is completed, you will get another page to create First Admin user account, fill the all essential details and click on “Save and Continue”.

You will see a confirmation page that “Jenkins is ready”. To visit Jenkins main dashboard, click Start using Jenkins Click Save and Finish after confirming the corresponding information.

That’s wonderful! You have successfully installed Jenkins on your system.

Author: Geet Madan is a Certified Ethical Hacker, Researcher and Technical Writer at Hacking Articles on Information Security. Contact here