Skip to content

Instantly share code, notes, and snippets.

@djhohnstein
Last active March 30, 2021 18:15
Show Gist options
  • Save djhohnstein/88ae2778e4b66db0839670ae6b7d9a54 to your computer and use it in GitHub Desktop.
Save djhohnstein/88ae2778e4b66db0839670ae6b7d9a54 to your computer and use it in GitHub Desktop.
import sys
try:
import re
import base64
from hashlib import sha256
from binascii import hexlify, unhexlify
from Crypto.Cipher import AES
from xml.dom import minidom
from pprint import pprint
import csv
import os
from glob import glob
except Exception as e:
print("Exception during import: {}".format(e))
sys.exit(0)
MAGIC = b"::::MAGIC::::"
def usage():
print("./jenkinsBuildEnvVars.py <path to jenkins home>")
sys.exit(0)
def decryptNewPassword(secret, p):
p = p[1:] #Strip the version
# Get the length of the IV, almost certainly 16 bytes, but calculating for completeness sake
iv_length = ((p[0] & 0xff) << 24) | ((p[1] & 0xff) << 16) | ((p[2] & 0xff) << 8) | (p[3] & 0xff)
# Strip the iv length
p = p[4:]
# Get the data length
data_length = ((p[0] & 0xff) << 24) | ((p[1] & 0xff) << 16) | ((p[2] & 0xff) << 8) | (p[3] & 0xff)
# Strip the data length
p = p[4:]
iv = p[:iv_length]
p = p[iv_length:]
o = AES.new(secret, AES.MODE_CBC, iv)
decrypted_p = o.decrypt(p)
# We may need to strip PKCS7 padding
fully_decrypted_blocks = decrypted_p[:-16]
possibly_padded_block = decrypted_p[-16:]
padding_length = possibly_padded_block[-1]
if padding_length <= 16: # Less than size of one block, so we have padding
possibly_padded_block = possibly_padded_block[:-padding_length]
pw = fully_decrypted_blocks + possibly_padded_block
pw = pw.decode('utf-8')
return pw
def decryptOldPassword(secret, p):
# Copying the old code, I have not verified if it works
o = AES.new(secret, AES.MODE_ECB)
x = o.decrypt(p)
assert MAGIC in x
return re.findall('(.*)' + MAGIC, x)[0]
def main():
try:
if len(sys.argv) != 2:
usage()
if not os.path.isdir(sys.argv[1]):
print("[-] Could not find directory: {}".format(sys.argv[1]))
return
masterKeyPath = os.path.join(sys.argv[1], "secrets/master.key")
hudsonKeyPath = os.path.join(sys.argv[1], "secrets/hudson.util.Secret")
if not os.path.isfile(masterKeyPath) or not os.path.isfile(hudsonKeyPath):
print("[-] Could not find one of {} or {}".format(masterKeyPath, hudsonKeyPath))
return
master_key = open(masterKeyPath, 'rb').read()
hudson_secret_key = open(hudsonKeyPath, 'rb').read()
hashed_master_key = sha256(master_key).digest()[:16]
o = AES.new(hashed_master_key, AES.MODE_ECB)
secret = o.decrypt(hudson_secret_key)
secret = secret[:-16]
secret = secret[:16]
jobsPath = os.path.join(sys.argv[1], "jobs")
jobs = glob(os.path.join(jobsPath, "*/"))
for jobDir in jobs:
lastSuccessful = os.path.join(jobDir, "lastSuccessful")
lastInjectedEnvVars = os.path.join(lastSuccessful, "injectedEnvVars.txt")
configPath = os.path.join(jobDir, "config.xml")
try:
configDoc = minidom.parse(configPath)
arrayList = configDoc.getElementsByTagName("EnvInjectPasswordEntry")
password_dict = {}
for node in arrayList:
name = node.getElementsByTagName("name")[0]
val = node.getElementsByTagName("value")[0]
enc_value = val.firstChild.nodeValue
if enc_value[0] == "{" and enc_value[-1] == "}":
enc_value = enc_value[1:-1]
p = base64.decodestring(bytes(enc_value, 'utf-8'))
payload_version = p[0]
if payload_version == 1:
password_dict[name.firstChild.nodeValue] = decryptNewPassword(secret, p)
else: # Assuming we don't have a V2 payload, seeing as current crypto isn't horrible that's a fair assumption
password_dict[name.firstChild.nodeValue] = decryptOldPassword(secret, p)
with open(lastInjectedEnvVars, "r") as f:
envvarsLines = [l.strip() for l in f.readlines() if l.strip()]
print("Environment variables for: {}".format(jobDir))
for l in envvarsLines:
parts = l.split("=")
if parts[0] in password_dict.keys():
print("{}={}".format(parts[0], password_dict[parts[0]]))
else:
print(l)
print("")
print("")
except Exception as e:
print("Error occurred while parsing job: {}".format(e))
except Exception as e:
print("Error while in main: {}".format(e))
if __name__ == "__main__":
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment