In the Open

Crypto

Openssl

rsa

Enumeration

Containers

Docs

Snmp

Network_scanners

Windows

Exfiltration

Dns

dns

Linux

Windows

Exploit

CPUs

meltdown

Binaries

aslr

Buffer_overflow

Docs

ropping

Canary_bypass

canary_bypass

Format_string

format_string

Integral_promotion

integral_promotion

Dns

zone_transfer

Hashes

collision

Imagemagick

imagetragick

Java

OGNL

cve_2022_26134

Level3_hypervisor

Docker_sec

docker

Linux

capabilities

Dirty_pipe

dirty_pipe

Pkexec

CVE_2021_4034

Sudo

wildard_exploitation

MacOS

Network

mac_spoofing

Padding

padbuster

Python

Samba

smbmap

Sqli

Ssl_tls

heartbleed

Web

Bypass_rate_limiting

bypass_rate_limiting

command_injection

Content_security_policy

content_security_policy

cookie_tampering
csrf

Forced_browsing

forced_browsing

http_header_injection

Idor

idor

Javascript

Jwt

jwt

local_file_inclusion
methodology

Nodejs

deserialization

Php

re_registration
remote_file_inclusion

Ssrf

Ssti

ssti

Xxe

Windows

Dll_hijacking

dll_hijacking

Docs

Macros

macros

Payloads

windows_scripting_host

Print_nightmare

CVE-2021-1675

Nightmare-dll

print_nightmare

Process_injection

Service_escalation

service_escalation

Zero_logon

zero_logon

Yaml

deserialization

Forensics

Hashes

Bruteforce

Password_cracking

Password_guessing

standard_passwords

Misc

Active_directory

Printer_hacking

preta

Telecommunications

_sipvicious

.github

ISSUE_TEMPLATE

Sipvicious

sip_vicious

Threat_intelligence

Wifi

airmon-ng

Osint

recon_ng

Social_engineering

spiderfoot
theharvester

Persistence

Post exploitation

Seatbelt

.github

ISSUE_TEMPLATE

CHANGELOG

Seatbelt

Commands

Windows

EventLogs

Output

Bc_security

Docs

Windows

pivoting

Priv_esc

Docs

linux_priv_esc
pspy

Windows

Kernel-exploits

Privesc-scripts

Docs

get_script_onto_target

Suid

Reverse engineering

Android

misc

Docs

Java

krakatau

Reverse shells

Docs

firewalls

Windows

Stego

Docs

Hadoop
- Terminology
- Zeppelin
- Ktabs
- HDFS

Hadoop

Distributed storage and computing * Hadoop Attack Libs

Terminology

Cluster, forms the datalake
Node, single host inside the cluster
NameNode, node that keeps the dir tree of the Hadoop file system
DataNode, slave node that stores files and is instructed by the NameNode
Primary NameNode, current active node responsible for keeping the directory structure
Secondary NameNode, hot standby for Primary NameNode. There may be multiple on standby inside the cluster
Master Node, Hadoop management app like HDFS or YARN Manager
Slave Node, Hadoop worker like HDFS or MapReduce. a node can be master and slave at the same time
Edge Node, hosting Hadoop user app like Zeppelin or Hue
Kerberised, security enabled cluster through Kerberos
HDFS, Hadoop Distributed File System, storage device for unstructured data
Hive, primary DB for structured data
YARN, scheduling jobs and resource management
MapReduce, distributed filtering, sorting and reducing
HUE, GUI for HDFS and Hive
Zookeeper, cluster management
Kafka, message broker
Ranger, privileged ACL
Zeppelin, data analytivs inside a webUI

Zeppelin

Try default logins
Try execution inside notebooks

Ktabs

Finding ktpasses to authenticate at the kerberos TGS
Output principals and use them to init

klist -k <keytabfile>
kinit <prinicpal name> -k -V -t <keytabfile>

HDFS

User the hdfs utility to enumerate the distributed network storage

hdfs dfs -ls /

Current user and user on the storage do not have to correspond
Touched files on the storage may be owned by root

hdfs dfs -touchz  testfile /tmp/testfile
hdfs dfs -ls /tmp

Impersonate by sourcing keytab file of the user, NodeManager is the highest user in regards to permission