0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [#2984] No subject

This commit is contained in:
CPol 2022-02-03 02:15:45 +00:00 committed by gitbook-bot
parent 9641f5046e
commit 1b902db7bb
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
3 changed files with 46 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
SUMMARY.md
View File

@ -353,6 +353,7 @@
* [10000 - Pentesting Network Data Management Protocol (ndmp)](pentesting/10000-network-data-management-protocol-ndmp.md)
* [11211 - Pentesting Memcache](pentesting/11211-memcache.md)
* [15672 - Pentesting RabbitMQ Management](pentesting/15672-pentesting-rabbitmq-management.md)
* [24007,24008,24009,49152 - Pentesting GlusterFS](pentesting/24007-24008-24009-49152-pentesting-glusterfs.md)
* [27017,27018 - Pentesting MongoDB](pentesting/27017-27018-mongodb.md)
* [44134 - Pentesting Tiller (Helm)](pentesting/44134-pentesting-tiller-helm.md)
* [44818/UDP/TCP - Pentesting EthernetIP](pentesting/44818-ethernetip.md)

37
pentesting/24007-24008-24009-49152-pentesting-glusterfs.md Normal file
View File

@ -0,0 +1,37 @@
# 24007,24008,24009,49152 - Pentesting GlusterFS
## Basic Information
**GlusterFS** is a **distributed**, arbitrarily scalable **file system** that aggregates storage components from **several servers into one**, uniform file system.
**Default ports**: 24007/tcp/udp, 24008/tcp/udp, 49152/tcp (onwards)\
For the port 49152, ports incremented by 1 need to be open to use more bricks. _Previously the port 24009 was used instead of 49152._
```
PORT STATE SERVICE
24007/tcp open rpcbind
49152/tcp open ssl/unknown
```
### Enumeration
To interact with this filesystem you need to install the [**GlusterFS client**](https://download.gluster.org/pub/gluster/glusterfs/LATEST/) **** (`sudo apt-get install glusterfs-cli`).
To list and mount the available volumes you can use:
```bash
sudo gluster --remote-host=10.10.11.131 volume list
# This will return the name of the volumes
sudo mount -t glusterfs 10.10.11.131:/<vol_name> /mnt/
```
If you receive an **error trying to mount the filesystem**, you can check the logs in `/var/log/glusterfs/`
**Errors mentioning certificates** can be fixed by stealing the files (if you have access to the system):
* /etc/ssl/glusterfs.ca
* /etc/ssl/glusterfs.key
* /etc/ssl/glusterfs.ca.pem
And storing them in your machine `/etc/ssl` or `/usr/lib/ssl` directory (if a different directory is used check for lines similar to: "_could not load our cert at /usr/lib/ssl/glusterfs.pem_" in the logs) .

13
pentesting/3128-pentesting-squid.md
View File

@ -2,11 +2,11 @@
## Basic Information
**Squid** is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, TLS and HTTPS. Squid does not support the SOCKS protocol, unlike Privoxy, with which Squid can be used in order to provide SOCKS support. \(From [here](https://en.wikipedia.org/wiki/Squid_%28software%29)\).
**Squid** is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, TLS and HTTPS. Squid does not support the SOCKS protocol, unlike Privoxy, with which Squid can be used in order to provide SOCKS support. (From [here](https://en.wikipedia.org/wiki/Squid\_\(software\))).
**Default port:** 3128
```text
```
PORT STATE SERVICE VERSION
3128/tcp open http-proxy Squid http proxy 4.11
```
@ -17,12 +17,15 @@ PORT STATE SERVICE VERSION
You can try to set this discovered service as proxy in your browser. However, if it's configured with HTTP authentication you will be prompted for usernames and password.
```bash
# Try yo proxify curl
curl --proxy http://10.10.11.131:3128 http://10.10.11.131
```
### Nmap proxified
You can also try to abuse the proxy to **scan internal ports proxifying nmap**.
You can also try to abuse the proxy to **scan internal ports proxifying nmap**.\
Configure proxychains to use the squid proxy adding he following line at the end of the proxichains.conf file: `http 10.10.10.10 3128`
Then run nmap with proxychains to **scan the host from local**: `proxychains nmap -sT -n -p- localhost`