9042 - Cassandra

💡 学习提示: 本文档介绍 Cassandra 的渗透测试方法,适合信息安全初学者和从业人员参考。

⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。

⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。

9042/9160 - 渗透测试 Cassandra

基本信息

Apache Cassandra is a highly scalable, high-performance distributed database designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. It is a type of NoSQL database.

In several cases, you may find that Cassandra accepts any credentials (as there aren’t any configured) and this could potentially allow an attacker to enumerate the database.

默认 port: 9042,9160

PORT     STATE SERVICE   REASON
9042/tcp open  cassandra-native Apache Cassandra 3.10 or later (native protocol versions 3/v3, 4/v4, 5/v5-beta)
9160/tcp open  cassandra syn-ack

信息收集

Manual

pip install cqlsh
cqlsh <IP>
#Basic info enumeration
SELECT cluster_name, thrift_version, data_center, partitioner, native_protocol_version, rack, release_version from system.local;
#Keyspace enumeration
SELECT keyspace_name FROM system.schema_keyspaces;
desc <Keyspace_name>    #Decribe that DB
desc system_auth        #Describe the DB called system_auth
SELECT * from system_auth.roles;  #Retreive that info, can contain credential hashes
SELECT * from logdb.user_auth;    #Can contain credential hashes
SELECT * from logdb.user;
SELECT * from configuration."config";

Automated

There aren’t much options here and nmap doesn’t obtain much info

nmap -sV --script cassandra-info -p <PORT> <IP>

Brute force

Shodan

port:9160 Cluster
port:9042 "Invalid or unsupported protocol version"

搜索引擎语法

FOFA

# FOFA 搜索语法
port="9042"

Shodan

# Shodan 搜索语法
port:9042

ZoomEye

# ZoomEye 搜索语法
port:9042

📖 参考资料