# 8086 - Pentesting InfluxDB
{{#include ../banners/hacktricks-training.md}}
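## Basic Information
**InfluxDB** is an open-source **time series database (TSDB)** developed by InfluxData. TSDBs are optimized for storing and serving time series data, which consists of timestamp-value pairs. Compared to general-purpose databases, TSDBs provide significant improvements in **storage space** and **performance** for time series datasets. They employ specialized compression algorithms and can be configured to automatically remove old data. Specialized database indices also enhance query performance.
**Default port**: 8086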
```
PORT STATE SERVICE VERSION
8086/tcp open http InfluxDB http admin 1.7.5
```
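## Enumeration
From a pentester's point of view, this is another database that could be storing sensitive information, so it is interesting to know how to dump all the info.
### Authentication
InfluxDB might or might not require authentication.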
```bash
# Try unauthenticated
influx -host 'host name' -port 'port #'
> use _internal
```
If you **get an error like this one**: `ERR: unable to parse authentication credentials`, it means that it is **expecting some credentials**.
```
influx -username influx -password influx_pass
```
There is a vulnerability in InfluxDB that allows bypassing authentication: [**CVE-2019-20933**](https://github.com/LorenzoTullini/InfluxDB-Exploit-CVE-2019-20933)
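The same question from the defender's side, as an added example that is not part of the original page: whether the HTTP API answers without credentials is decided in the `[http]` section of `influxdb.conf`. The sketch assumes the InfluxDB 1.x keys `enabled`, `auth-enabled` and `bind-address` with their 1.x defaults; the function names and both sample configs are constructed for illustration.

```python
# Added example: audit the [http] section of an InfluxDB 1.x influxdb.conf.
# Assumption: the 1.x defaults below apply when a key is absent or commented out.
HTTP_DEFAULTS = {"enabled": "true", "auth-enabled": "false", "bind-address": ":8086"}

def parse_http_section(conf_text):
    """Return the effective [http] settings as lower-cased strings."""
    settings, section = dict(HTTP_DEFAULTS), None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops comments and commented-out keys
        if line.startswith("[") and line.endswith("]"):
            section = line.strip("[] ")
        elif section == "http" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"').lower()
    return settings

def audit(conf_text):
    """List settings that leave the HTTP API usable without credentials."""
    http = parse_http_section(conf_text)
    if http["enabled"] != "true":
        return []  # HTTP endpoint is switched off
    findings = []
    if http["auth-enabled"] != "true":
        findings.append("auth-enabled is not true: queries need no credentials")
    host = http["bind-address"].rsplit(":", 1)[0]
    if host in ("", "0.0.0.0", "[::]"):
        findings.append("bind-address listens on all interfaces")
    return findings

# Constructed sample configs (not taken from a real host).
SAMPLE_DEFAULT = """
[meta]
  dir = "/var/lib/influxdb/meta"
[http]
  # auth-enabled = false
  bind-address = ":8086"
"""
SAMPLE_HARDENED = """
[http]
  auth-enabled = true
  bind-address = "127.0.0.1:8086"
"""

if __name__ == "__main__":
    for name, conf in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(conf) or "no findings")
```

A commented-out `# auth-enabled = false` line, as shipped in the sample configuration, is treated the same as the key being absent, so the default of no authentication is still reported.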
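### Manual Enumeration
The information in this example was taken from [**here**](https://oznetnerd.com/2017/06/11/getting-know-influxdb/).
#### Show databases
The databases found are `telegraf` and `_internal` (you will find this one everywhere).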
```bash
> show databases
name: databases
name
----
telegraf
_internal
```
#### Show tables/measurements
The [**InfluxDB documentation**](https://docs.influxdata.com/influxdb/v1.2/introduction/getting_started/) explains that **measurements** in InfluxDB can be paralleled with SQL tables. The nomenclature of these **measurements** is indicative of their respective content, each housing data relevant to a particular entity.
```bash
> show measurements
name: measurements
name
----
cpu
disk
diskio
kernel
mem
processes
swap
system
```
#### Show columns/field keys
Field keys are like the **columns** of the database.
```bash
> show field keys
name: cpu
fieldKey fieldType
-------- ---------
usage_guest float
usage_guest_nice float
usage_idle float
usage_iowait float
name: disk
fieldKey fieldType
-------- ---------
free integer
inodes_free integer
inodes_total integer
inodes_used integer
[ ... more keys ...]
```
#### Dump Table
Finally, you can **dump the table** by doing something like:
```bash
select * from cpu
name: cpu
time cpu host usage_guest usage_guest_nice usage_idle usage_iowait usage_irq usage_nice usage_softirq usage_steal usage_system usage_user
---- --- ---- ----------- ---------------- ---------- ------------ --------- ---------- ------------- ----------- ------------ ----------
1497018760000000000 cpu-total ubuntu 0 0 99.297893681046 0 0 0 0 0 0.35105315947842414 0.35105315947842414
1497018760000000000 cpu1 ubuntu 0 0 99.69909729188728 0 0 0 0 0 0.20060180541622202 0.10030090270811101
```
> [!WARNING]
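> In some testing with the authentication bypass it was noted that the name of the table needed to be between double quotes, like: `select * from "cpu"`
### Automated Authentication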
```bash
msf6 > use auxiliary/scanner/http/influxdb_enum
```