8086 - Pentesting InfluxDB

Reading time: 3 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Basic Information

InfluxDB ni hifadhidata ya wazi ya time series database (TSDB) iliyotengenezwa na InfluxData. TSDBs zimeboreshwa kwa ajili ya kuhifadhi na kutoa data za muda, ambazo zinajumuisha jozi za alama za muda na thamani. Ikilinganishwa na hifadhidata za matumizi ya jumla, TSDBs zinatoa maboresho makubwa katika nukuu ya hifadhi na utendaji kwa seti za data za muda. Zinatumia algorithimu maalum za kuf compress na zinaweza kuwekwa ili kuondoa data za zamani kiotomatiki. Indices maalum za hifadhidata pia zinaongeza utendaji wa maswali.

Default port: 8086

PORT     STATE SERVICE VERSION
8086/tcp open  http    InfluxDB http admin 1.7.5

Uainishaji

Kutoka kwa mtazamo wa pentester hii ni database nyingine ambayo inaweza kuwa inahifadhi taarifa nyeti, hivyo ni ya kuvutia kujua jinsi ya kutoa taarifa zote.

Uthibitishaji

InfluxDB inaweza kuhitaji uthibitishaji au la

bash
# Try unauthenticated
influx -host 'host name' -port 'port #'
> use _internal

Ikiwa unapata kosa kama hili: ERR: unable to parse authentication credentials inamaanisha kwamba inatarajia baadhi ya akreditivu.

influx –username influx –password influx_pass

Kulikuwa na udhaifu katika influxdb ambao uliruhusu kupita uthibitisho: CVE-2019-20933

Uhesabu wa Mikono

Taarifa za mfano huu zilichukuliwa kutoka hapa.

Onyesha hifadhidata

Hifadhidata zilizopatikana ni telegraf na internal (utazipata hii kila mahali)

bash
> show databases
name: databases
name
----
telegraf
_internal

Onyesha meza/mipimo

The InfluxDB documentation inaeleza kwamba mipimo katika InfluxDB yanaweza kulinganishwa na meza za SQL. Neno la mipimo linaashiria maudhui yao husika, kila moja ikihifadhi data inayohusiana na entiti maalum.

bash
> show measurements
name: measurements
name
----
cpu
disk
diskio
kernel
mem
processes
swap
system

Onyesha funguo za uwanja

Funguo za uwanja ni kama safuwima za hifadhidata

bash
> show field keys
name: cpu
fieldKey         fieldType
--------         ---------
usage_guest      float
usage_guest_nice float
usage_idle       float
usage_iowait     float

name: disk
fieldKey     fieldType
--------     ---------
free         integer
inodes_free  integer
inodes_total integer
inodes_used  integer

[ ... more keys ...]

Dump Table

Na hatimaye unaweza dump the table ukifanya kitu kama

bash
select * from cpu
name: cpu
time                cpu       host   usage_guest usage_guest_nice usage_idle        usage_iowait        usage_irq usage_nice usage_softirq        usage_steal usage_system        usage_user
----                ---       ----   ----------- ---------------- ----------        ------------        --------- ---------- -------------        ----------- ------------        ----------
1497018760000000000 cpu-total ubuntu 0           0                99.297893681046   0                   0         0          0                    0           0.35105315947842414 0.35105315947842414
1497018760000000000 cpu1      ubuntu 0           0                99.69909729188728 0                   0         0          0                    0           0.20060180541622202 0.10030090270811101

warning

Katika baadhi ya majaribio na kuondoa uthibitisho, ilibainika kwamba jina la jedwali linahitaji kuwa kati ya nukuu mbili kama: select * from "cpu"

Uthibitishaji wa Kiotomatiki

bash
msf6 > use auxiliary/scanner/http/influxdb_enum

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks