vulhub/hadoop/unauthorized-yarn/README.zh-cn.md (commit 63285f61aa "first commit" by Aaron, 2025-09-06)
# Hadoop YARN ResourceManager Unauthorized Access Vulnerability

Hadoop YARN (Yet Another Resource Negotiator) is the cluster resource management system of Apache Hadoop. The YARN ResourceManager has an unauthorized-access vulnerability: because no access control is enforced on its web interface and REST API, an unauthenticated user can submit arbitrary applications to the cluster and have them executed.
References:

- <http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf>
- <https://hadoop.apache.org/docs/r2.7.3/hadoop-yarn/hadoop-yarn-site/ResourceManagerRest.html>
## Environment Setup

Start the environment with:

```
docker compose up -d
```

Once the environment is up, open `http://your-ip:8088` to reach the Hadoop YARN ResourceManager web UI. The same port serves the ResourceManager REST API, and in this environment neither requires authentication.
## Vulnerability Reproduction

The exploitation method differs slightly from the one in the original presentation. Even without a Hadoop client, a job can be submitted directly through the [ResourceManager REST API](https://hadoop.apache.org/docs/r2.7.3/hadoop-yarn/hadoop-yarn-site/ResourceManagerRest.html) and executed.

The exploitation process is as follows:

1. Start a listener on your own machine and wait for the reverse shell to connect back.
2. Call the New Application API to allocate an application ID.
3. Call the Submit Application API to submit a malicious application that runs your command in its ApplicationMaster container.

For a concrete implementation, see the [exploit script](exploit.py).