Hadoop
aka yarn, hdfs
Big-data cluster. The HDFS NameNode UI (9870/50070) browses the distributed filesystem unauthenticated, and the YARN ResourceManager API (8088) lets you submit a job that runs an arbitrary command on a node.
Ports
| Port | Proto | Notes |
|---|---|---|
| 9870 | tcp | HDFS NameNode UI (50070 legacy) |
| 8088 | tcp | YARN ResourceManager |
| 50075 | tcp | DataNode |
Fingerprint
- 'Hadoop' / 'Namenode information' web UIs
- REST APIs under /ws/v1/ respond
Exploitation primitives
- Browse/download HDFS files via the NameNode UI (no auth by default)
- YARN REST: create-application → submit a job whose command is your payload (RCE on a node)
- Cluster runs jobs as the yarn/hadoop user
Overview
Hadoop spreads storage (HDFS) and compute (YARN) across nodes. Two open doors: read the filesystem via the NameNode UI, and run commands via the YARN job API.
Enumeration
Browse HDFS:
http://<TARGET>:9870/explorer.html
List applications via YARN:
curl -s http://<TARGET>:8088/ws/v1/cluster/apps | jq
RCE via YARN
Request an app ID:
curl -s -X POST http://<TARGET>:8088/ws/v1/cluster/apps/new-application
Submit a job whose command is your reverse shell (see the YARN submit-application JSON), and it executes on a node.
Hardening
Enable Kerberos auth on HDFS/YARN, lock down the web UIs and REST APIs, and never expose the cluster.
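One way to check the first two hardening items against a cluster's own config files, as an added example that is not part of the original page. The property names are standard Hadoop settings, and the defaults are those Hadoop applies when a property is unset. The function names and the sample XML are constructed for illustration, and the four checks are a minimal subset.

```python
import xml.etree.ElementTree as ET

# (property, required value, Hadoop default when unset, risk if not required value)
CHECKS = [
    ("hadoop.security.authentication", "kerberos", "simple",
     "HDFS/YARN RPC trusts whatever user name the client claims"),
    ("hadoop.security.authorization", "true", "false",
     "service-level authorization is not enforced"),
    ("hadoop.http.authentication.type", "kerberos", "simple",
     "web UIs and /ws/v1/ REST APIs are not behind SPNEGO"),
    ("yarn.acl.enable", "true", "false",
     "YARN queue and application ACLs are not enforced"),
]

# Constructed sample configs (not taken from any real cluster).
WEAK_CORE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
</configuration>"""
HARDENED_CORE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>hadoop.http.authentication.type</name><value>kerberos</value></property>
</configuration>"""
HARDENED_YARN = """<configuration>
  <property><name>yarn.acl.enable</name><value>true</value></property>
</configuration>"""

def load_props(xml_text):
    """Return {name: value} from the text of a Hadoop *-site.xml file."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = prop.findtext("name", "").strip()
        if name:
            props[name] = prop.findtext("value", "").strip()
    return props

def audit(*site_xml_texts):
    """Merge core-site/yarn-site contents; return (name, actual, required, risk)."""
    merged = {}
    for text in site_xml_texts:
        merged.update(load_props(text))
    findings = []
    for name, required, default, risk in CHECKS:
        actual = merged.get(name, default).lower()  # unset means the default applies
        if actual != required:
            findings.append((name, actual, required, risk))
    return findings

if __name__ == "__main__":
    for name, actual, required, risk in audit(WEAK_CORE):
        print(f"{name}={actual} (want {required}): {risk}")
```

Pass the contents of core-site.xml and yarn-site.xml together; a property missing from both files is judged by its default, which is how an untouched install ends up with every check failing.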