unauthorized-yarn

Hadoop YARN ResourceManager 未授权访问

原理

参考 http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf

测试环境

运行测试环境

docker compose up -d

环境启动后，访问http://your-ip:8088即可看到Hadoop YARN ResourceManager WebUI页面。

利用

利用方法和原理中有一些不同。在没有 hadoop client 的情况下，直接通过 REST API (https://hadoop.apache.org/docs/r2.7.3/hadoop-yarn/hadoop-yarn-site/ResourceManagerRest.html) 也可以提交任务执行。

利用过程如下：

在本地监听等待反弹 shell 连接
调用 New Application API 创建 Application
调用 Submit Application API 提交

参考 exp 脚本

Name		Name	Last commit message	Last commit date
parent directory ..
README.md		README.md
docker-compose.yml		docker-compose.yml
exploit.py		exploit.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

unauthorized-yarn

unauthorized-yarn

README.md

README.md

docker-compose.yml

docker-compose.yml

exploit.py

exploit.py

README.md

Hadoop YARN ResourceManager 未授权访问

原理

测试环境

利用

Files

unauthorized-yarn

Directory actions

More options

Directory actions

More options

Latest commit

History

unauthorized-yarn

Folders and files

parent directory

README.md

README.md

docker-compose.yml

docker-compose.yml

exploit.py

exploit.py

README.md

Hadoop YARN ResourceManager 未授权访问

原理

测试环境

利用