hacktricks/network-services-pentesting/cassandra.md

77 lines
3.8 KiB
Markdown
Raw Normal View History

2022-05-01 13:25:53 +00:00
# 9042/9160 - Pentesting Cassandra
2022-04-28 16:01:33 +00:00
<details>
2024-01-05 22:37:11 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-01-05 22:37:11 +00:00
Other ways to support HackTricks:
2022-04-28 16:01:33 +00:00
2024-01-05 22:37:11 +00:00
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-04-28 16:01:33 +00:00
</details>
2022-05-01 13:25:53 +00:00
## Basic Information
Apache Cassandra is a highly scalable, high-performance distributed database designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. It is a type of NoSQL database.\
In several cases you will find **cassandra accepting any credentials** (as there aren't any configured) and you will be able to enumerate the database.
**Default port:** 9042,9160
```
PORT STATE SERVICE REASON
9042/tcp open cassandra-native Apache Cassandra 3.10 or later (native protocol versions 3/v3, 4/v4, 5/v5-beta)
9160/tcp open cassandra syn-ack
```
2022-05-01 13:25:53 +00:00
## Enumeration
2022-05-01 13:25:53 +00:00
### Manual
```bash
pip install cqlsh
cqlsh <IP>
#Basic info enumeration
SELECT cluster_name, thrift_version, data_center, partitioner, native_protocol_version, rack, release_version from system.local;
#Keyspace enumeration
SELECT keyspace_name FROM system.schema_keyspaces;
desc <Keyspace_name> #Decribe that DB
desc system_auth #Describe the DB called system_auth
SELECT * from system_auth.roles; #Retreive that info, can contain credential hashes
SELECT * from logdb.user_auth; #Can contain credential hashes
SELECT * from logdb.user;
SELECT * from configuration."config";
```
2022-05-01 13:25:53 +00:00
### Automated
There aren't much options here and nmap doesn't obtain much info
```bash
nmap -sV --script cassandra-info -p <PORT> <IP>
```
2022-05-01 13:25:53 +00:00
### [**Brute force**](../generic-methodologies-and-resources/brute-force.md#cassandra)
2022-05-01 13:25:53 +00:00
### **Shodan**
`port:9160 Cluster`\
2022-04-05 22:24:52 +00:00
`port:9042 "Invalid or unsupported protocol version"`
2022-04-28 16:01:33 +00:00
<details>
2024-01-05 22:37:11 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-01-05 22:37:11 +00:00
Other ways to support HackTricks:
2022-04-28 16:01:33 +00:00
2024-01-05 22:37:11 +00:00
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-04-28 16:01:33 +00:00
</details>