mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-29 08:01:00 +00:00
3.8 KiB
3.8 KiB
9042/9160 - Pentesting Cassandra
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Basic Information
Apache Cassandra is a highly scalable, high-performance distributed database designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. It is a type of NoSQL database.
In several cases, you may find that Cassandra accepts any credentials (as there aren't any configured) and this could potentially allow an attacker to enumerate the database.
Default port: 9042,9160
PORT STATE SERVICE REASON
9042/tcp open cassandra-native Apache Cassandra 3.10 or later (native protocol versions 3/v3, 4/v4, 5/v5-beta)
9160/tcp open cassandra syn-ack
Enumeration
Manual
pip install cqlsh
cqlsh <IP>
#Basic info enumeration
SELECT cluster_name, thrift_version, data_center, partitioner, native_protocol_version, rack, release_version from system.local;
#Keyspace enumeration
SELECT keyspace_name FROM system.schema_keyspaces;
desc <Keyspace_name> #Decribe that DB
desc system_auth #Describe the DB called system_auth
SELECT * from system_auth.roles; #Retreive that info, can contain credential hashes
SELECT * from logdb.user_auth; #Can contain credential hashes
SELECT * from logdb.user;
SELECT * from configuration."config";
Automated
There aren't much options here and nmap doesn't obtain much info
nmap -sV --script cassandra-info -p <PORT> <IP>
Brute force
Shodan
port:9160 Cluster
port:9042 "Invalid or unsupported protocol version"
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
Other ways to support HackTricks:
- If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the SUBSCRIPTION PLANS!
- Get the official PEASS & HackTricks swag
- Discover The PEASS Family, our collection of exclusive NFTs
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @carlospolopm.
- Share your hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.