hacktricks/network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md
2022-05-01 13:25:53 +00:00

4 KiB

Support HackTricks and get benefits!

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!

Discover The PEASS Family, our collection of exclusive NFTs

Get the official PEASS & HackTricks swag

Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.

Share your hacking tricks submitting PRs to the hacktricks github repo.

Information taken from the book Network Security Assesment 3rd Edition

Basic Information

Apache Hadoop is an open source framework supporting the distributed storage and processing of large datasets using computer clusters. Storage is handled by the Hadoop Distributed File System (HDFS) and processing is performed by using MapReduce and other applications (e.g., Apache Storm, Flink, and Spark) via YARN.

Figure 15-1. Hadoop 2.0 architecture

You can query MapReduce and HDFS services by using the Nmap scripts listed in the following table (including details of the default ports). At the time of writing, Metasploit does not support Hadoop.

Script name Port Purpose
hadoop-jobtracker-info 50030 Retrieve information from MapReduce job and task tracker services
hadoop-tasktracker-info 50060
hadoop-namenode-info 50070 Retrieve info from HDFS name node
hadoop-datanode-info 50075 Retrieve info from HDFS data node
hadoop-secondary-namenode-info 50090 Retrieve info from HDFS secondary name node

Lightweight Python and Go HDFS clients are available online. Hadoop runs without authentication by default. You can configure HDFS, YARN, and MapReduce services to use Kerberos.

Support HackTricks and get benefits!

Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!

Discover The PEASS Family, our collection of exclusive NFTs

Get the official PEASS & HackTricks swag

Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.

Share your hacking tricks submitting PRs to the hacktricks github repo.