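Summary of Common Redis Unauthorized Access Vulnerabilities
servers, adding scheduled tasks, writing a webshell, and similar operations. Exploitation Environment overview Environment setup Common unauthorized access vulnerabilities: Redis unauthorized access vulnerability MongoDB unauthorized access vulnerability Jenkins unauthorized access vulnerability Memcached unauthorized access vulnerability JBOSS unauthorized access vulnerability VNC unauthorized access vulnerability Docker unauthorized access vulnerability ZooKeeper unauthorized access vulnerability Rsync 127.0.0.1 Jenkins unauthorized access vulnerability Overview and impact By default, users of the Jenkins panel can open the script execution interface to run system-level commands; an attacker can get into the management back end through an unauthorized access vulnerability or by brute-forcing user passwords, and then obtain server privileges through the script execution interface. Exploitation Environment overview Environment setup Download: http://mirrors.jenkins.io/ Test machine: Windows10 Connection tool: Xshell wget http://mirrors.jenkins.io/debian/jenkins_1.621_all.deb # download dpkg -i jenkins_1.621_all.deb # install sudo apt-get -f --fix-missing install # run this if a dependency error is reported Start the Jenkins service service jenkins start
0 points | 44 pages | 19.34 MB | 1 year ago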
The ClickHouse Testing We Deserve
The ClickHouse Testing We Deserve About CI CI in ClickHouse before Internal Jenkins installation › Bare-metal hosts › Builds for different Ubuntu versions › Functional tests Free plan on Travis tests 53 / 77 The ClickHouse Testing We Deserve Problems of the old CI Jenkins shortcomings: › External pull requests were not tested › No way to run heavy tests › Builds were not the old CI Jenkins shortcomings: › External pull requests were not tested › No way to run heavy tests › Builds were not saved Fundamental Jenkins shortcomings: › Job DSL or programming
0 points | 84 pages | 9.60 MB | 1 year ago
Apache ShardingSphere 5.0.0-alpha Document
0-beta Jenkins * 1: ${host-jenkins} Sysbench * 1: ${host-sysbench} ShardingSphere-Proxy * 1: ${host-proxy} MySQL Server * 2: ${host-mysql-1}, ${host-mysql-2} The hardware standards of Jenkins and Sysbench Apache ShardingSphere document, v5.0.0-beta Jenkins Configuration Create 6 Jenkins tasks, and each task calls the next task in turn: (runs on the ${host-jenkins} machine). 1. sysbench_install: Pull the compression package The following tasks are run on a separate Sysbench pressure generating machine via Jenkins slave: (runs on the {host-sysbench} machine) 2. sysbench_sharding: a. Sharding scenarios for remote
0 points | 311 pages | 2.09 MB | 1 year ago
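Apache ShardingSphere Chinese Documentation 5.0.0-alpha
0-beta At least 5 machines are required: Jenkins * 1: ${host-jenkins} Sysbench * 1: ${host-sysbench} ShardingSphere-Proxy * 1: ${host-proxy} MySQL Server * 2: ${host-mysql-1}, ${host-mysql-2} The hardware standards of the Jenkins and Sysbench machines can be lowered appropriately ShardingSphere document, v5.0.0-beta Jenkins Configuration Create 6 Jenkins tasks, each task calling the next task in turn: (runs on the ${host-jenkins} machine) 1. sysbench_install: Pull the latest code and package the Proxy archive The following tasks are run via Jenkins slave on a separate Sysbench load-generating machine: (runs on the ${host-sysbench} b. Use the Jenkins Publish HTML reports plugin to combine all images into one HTML page 3.10. Test Engine 122 Apache ShardingSphere document, v5.0.0-beta Test Process Taking sysbench_sharding as an example (other scenarios are similar) Enter the sysbench stress test results directory cd /home/jenkins/sysbench_res/sharding
0 points | 301 pages | 3.44 MB | 1 year ago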
Apache ShardingSphere 5.1.1 Document
required: Jenkins * 1: ${host-jenkins} Sysbench * 1: ${host-sysbench} ShardingSphere-Proxy * 1: ${host-proxy} MySQL Server * 2: ${host-mysql-1}, ${host-mysql-2} The hardware standards of Jenkins and Sysbench Sysbench machines can appropriately lower. Software Environment Jenkins: The latest version Sysbench: 1.0.20 ShardingSphere-Proxy: package from master branch MySQL Server: 5.7.28 Test Program According 500000 Set parameter: max_connections = 2000 Jenkins Configuration Create 6 Jenkins tasks, and each task calls the next task in turn: (runs on the ${host-jenkins} machine). 1. sysbench_install: Pull the
0 points | 458 pages | 3.43 MB | 1 year ago
Apache ShardingSphere 5.1.2 Document
required: Jenkins * 1: ${host-jenkins} Sysbench * 1: ${host-sysbench} ShardingSphere-Proxy * 1: ${host-proxy} MySQL Server * 2: ${host-mysql-1}, ${host-mysql-2} The hardware standards of Jenkins and Sysbench Sysbench machines can appropriately lower. Software Environment Jenkins: The latest version Sysbench: 1.0.20 ShardingSphere-Proxy: package from master branch MySQL Server: 5.7.28 Test Program According 500000 Set parameter: max_connections = 2000 Jenkins Configuration Create 6 Jenkins tasks, and each task calls the next task in turn: (runs on the ${host-jenkins} machine). 1. sysbench_install: Pull the
0 points | 503 pages | 3.66 MB | 1 year ago
TiDB Chinese Technical Documentation
com/pingcap/tidb/parser/yy_parser.go:96: 11. github.com/pingcap/tidb/parser/yy_parser.go:109: 12. /home/jenkins/workspace/build_tidb_tools_master/go/src/github.com/pingcap/tidb-tools/checker/checker.go:122: InnoDB, 19. PARTITION P3 VALUES LESS THAN (6) TABLESPACE = ts3 ENGINE = InnoDB) */ error 20. /home/jenkins/workspace/build_tidb_tools_master/go/src/github.com/pingcap/tidb-tools/checker/checker.go:114: 21
0 points | 444 pages | 4.89 MB | 6 months ago
TiDB v5.4 Documentation
'1155173304420532225' for key 'PRIMARY'\n/home/jenkins/workspace/build_dm/go/src/github.com/pingcap/tidb-enterprise-tools/loader/db.go:160: \n/home/jenkins/workspace/build_dm/go/src/github.com/ com/pingcap/tidb-enterprise-tools/loader/db.go:105: \n/home/jenkins/workspace/build_dm/go/src/github.com/pingcap/tidb-enterprise-tools/loader/loader.go:138: file test.t1.sql" } ], "detail":
0 points | 3650 pages | 52.72 MB | 1 year ago
TiDB v6.1 Documentation
'1155173304420532225' for key 'PRIMARY'\n/home/jenkins/workspace/build_dm/go/src/github.com/pingcap/tidb-enterprise-tools/loader/db.go:160: \n/home/jenkins/workspace/build_dm/go/src/github.com/ com/pingcap/tidb-enterprise-tools/loader/db.go:105: \n/home/jenkins/workspace/build_dm/go/src/github.com/pingcap/tidb-enterprise-tools/loader/loader.go:138: file test.t1.sql" } ], "detail":
0 points | 4487 pages | 84.44 MB | 1 year ago
TiDB v5.4 Chinese Manual
'1155173304420532225' for key 'PRIMARY'\n/home/jenkins/workspace/build_dm/go/src/github.com/pingcap/tidb-enterprise-tools/loader/db.go:160: \n/home/jenkins/workspace/build_dm/go/src/github. com/ com/pingcap/tidb-enterprise-tools/loader/db.go:105: \n/home/jenkins/workspace/build_dm/go/src/github.com/pingcap/tidb-enterprise-tools/loader/loader.go:138: file test.t1.sql" } ], "detail":
0 points | 2852 pages | 52.59 MB | 1 year ago