9042/9160 - Pentesting Cassandra

Reading time: 2 minutes

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Basic Information

Apache Cassandra ni database ya kugawanywa yenye uwezo mkubwa wa kupanuka na utendaji wa juu iliyoundwa kushughulikia kiasi kikubwa cha data kwenye seva za kawaida, ikitoa upatikanaji wa juu bila nukta moja ya kushindwa. Ni aina ya NoSQL database.

Katika hali kadhaa, unaweza kupata kwamba Cassandra inakubali akidi yoyote (kwa sababu hakuna zilizowekwa) na hii inaweza kumruhusu mshambuliaji kuhesabu database.

Bandari ya kawaida: 9042,9160

PORT     STATE SERVICE   REASON
9042/tcp open  cassandra-native Apache Cassandra 3.10 or later (native protocol versions 3/v3, 4/v4, 5/v5-beta)
9160/tcp open  cassandra syn-ack

Uhesabu

Mikono

bash
pip install cqlsh
cqlsh <IP>
#Basic info enumeration
SELECT cluster_name, thrift_version, data_center, partitioner, native_protocol_version, rack, release_version from system.local;
#Keyspace enumeration
SELECT keyspace_name FROM system.schema_keyspaces;
desc <Keyspace_name>    #Decribe that DB
desc system_auth        #Describe the DB called system_auth
SELECT * from system_auth.roles;  #Retreive that info, can contain credential hashes
SELECT * from logdb.user_auth;    #Can contain credential hashes
SELECT * from logdb.user;
SELECT * from configuration."config";

Automated

Hapa hakuna chaguzi nyingi na nmap haipati taarifa nyingi

bash
nmap -sV --script cassandra-info -p <PORT> <IP>

Brute force

Shodan

port:9160 Cluster
port:9042 "Invalid or unsupported protocol version"

tip

Jifunze na fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Jifunze na fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks