Path: blob/master/documentation/modules/auxiliary/scanner/etcd/open_key_scanner.md
Vulnerable Application
etcd is a distributed, reliable key-value store. When it is run in an open, default configuration, it gives unauthenticated users access to the stored data via its HTTP API.
CentOS 7.1
yum install etcd
vi /etc/etcd/etcd.conf
replace localhost with your IP in the items (and uncomment them)
systemctl start etcd; systemctl enable etcd
On CentOS 7.1 you need to modify (or disable) the firewall:
systemctl stop firewalld
Lastly, let's add a key-value for interest:
curl http://[IP]:2379/v2/keys/supersecret -XPUT -d value="password!"
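The setup above is what leaves the store readable by anyone who can reach port 2379. As an added example (not part of the Metasploit module or the original page), the following script audits an etcd.conf for that condition: a client listen URL bound to a non-loopback address without HTTPS plus client-certificate authentication. The sample file contents and the 192.0.2.10 address are constructed, and the check only sees this file, so authentication enabled at runtime is not detected.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of /etc/etcd/etcd.conf after the edit described above
# (192.0.2.10 is a documentation address, not a value from the page).
SAMPLE_CONF = '''\
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_LISTEN_PEER_URLS="http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.0.2.10:2379,http://localhost:2379"
ETCD_ADVERTISE_CLIENT_URLS="http://192.0.2.10:2379"
'''

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_conf(text):
    """Return the uncommented KEY=value settings of an etcd.conf env file."""
    settings = {}
    for line in text.splitlines():
        # Lines starting with '#' do not match, so commented items are ignored.
        m = re.match(r'\s*([A-Z0-9_]+)\s*=\s*"?([^"#]*)"?', line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def exposed_client_urls(settings):
    """List client listen URLs reachable off-host without TLS client-cert auth."""
    cert_auth = settings.get("ETCD_CLIENT_CERT_AUTH", "false").lower() == "true"
    # When the item is unset, etcd listens on localhost only.
    urls = settings.get("ETCD_LISTEN_CLIENT_URLS", "http://localhost:2379")
    findings = []
    for url in filter(None, (u.strip() for u in urls.split(","))):
        parts = urlsplit(url)
        off_host = parts.hostname not in LOOPBACK
        authenticated = parts.scheme == "https" and cert_auth
        if off_host and not authenticated:
            findings.append(url)
    return findings


if __name__ == "__main__":
    for url in exposed_client_urls(parse_conf(SAMPLE_CONF)):
        print("unauthenticated client listener:", url)
```
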
Docker
docker run -p 2379:2379 miguelgrinberg/easy-etcd
Verification Steps
Install the application
Start msfconsole
Do: use auxiliary/scanner/etcd/open_key_scanner
Do: set rhosts [IPs]
Do: run
You should get a JSON response, and the data saved to loot.