Hadoop YARN ResourceManager Unauthorized Access
by ADummy
0x00 Exploitation Path
Run the exploit directly; in practice it just sends two HTTP requests.
0x01 Vulnerability Overview
Visit http://your-ip:8088
to see the Hadoop YARN ResourceManager WebUI page.
![Hadoop YARN ResourceManager WebUI](https://img-blog.csdnimg.cn/20210310104546820.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzQxNjQ2OQ==,size_16,color_FFFFFF,t_70)
Listen on port 9999 on the local machine and receive the shell.
![Shell received on the local listener](https://img-blog.csdnimg.cn/20210310104546873.jpg?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80MzQxNjQ2OQ==,size_16,color_FFFFFF,t_70)
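The WebUI on port 8088 answers without credentials because a stock Hadoop install ships with no HTTP authentication filter, YARN ACLs disabled, and the ResourceManager web address bound to all interfaces. The following audit of `core-site.xml` / `yarn-site.xml` settings is an added example, not code from the original post; the property names are standard Hadoop properties, while the sample configurations and the address `10.0.0.5` are constructed.

```python
import xml.etree.ElementTree as ET

# Effective Hadoop defaults, applied when a property is absent from the files.
DEFAULTS = {
    "hadoop.http.filter.initializers": "org.apache.hadoop.http.lib.StaticUserWebFilter",
    "hadoop.http.authentication.type": "simple",
    "yarn.acl.enable": "false",
    "yarn.resourcemanager.webapp.address": "0.0.0.0:8088",
}

def load_props(*xml_docs):
    """Merge <property> name/value pairs from *-site.xml documents over the defaults."""
    props = dict(DEFAULTS)
    for doc in xml_docs:
        for prop in ET.fromstring(doc).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if name:
                props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(props):
    """Return the settings that leave the ResourceManager web UI on 8088 open."""
    findings = []
    if "AuthenticationFilterInitializer" not in props["hadoop.http.filter.initializers"]:
        findings.append("no HTTP authentication filter is installed")
    elif props["hadoop.http.authentication.type"] == "simple":
        findings.append("HTTP auth type 'simple' trusts a self-asserted user name")
    if props["yarn.acl.enable"].lower() != "true":
        findings.append("yarn.acl.enable is not true")
    host = props["yarn.resourcemanager.webapp.address"].rsplit(":", 1)[0]
    if host in ("0.0.0.0", "::", "[::]"):
        findings.append("web UI is bound to all interfaces")
    return findings

def site(props):
    """Build a constructed *-site.xml document from a dict of properties."""
    body = "".join(f"<property><name>{k}</name><value>{v}</value></property>" for k, v in props.items())
    return f"<configuration>{body}</configuration>"

# Constructed samples: an untouched install versus a hardened one.
DEFAULT_INSTALL = [site({})]
HARDENED = [
    site({"hadoop.http.filter.initializers": "org.apache.hadoop.security.AuthenticationFilterInitializer",
          "hadoop.http.authentication.type": "kerberos"}),
    site({"yarn.acl.enable": "true", "yarn.resourcemanager.webapp.address": "10.0.0.5:8088"}),
]

if __name__ == "__main__":
    print(audit(load_props(*DEFAULT_INSTALL)), audit(load_props(*HARDENED)))
```

Pass the contents of the real `core-site.xml` and `yarn-site.xml` to `load_props` to audit a cluster; an empty findings list does not replace network-level filtering of port 8088.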