24007,24008,24009,49152 - Pentesting GlusterFS
- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
GlusterFS is a distributed, arbitrarily scalable file system that aggregates storage components from several servers into one, uniform file system.
Default ports: 24007/tcp/udp, 24008/tcp/udp, 49152/tcp (onwards)
For the port 49152, ports incremented by 1 need to be open to use more bricks. Previously the port 24009 was used instead of 49152.
PORT STATE SERVICE
24007/tcp open rpcbind
49152/tcp open ssl/unknown
To interact with this filesystem you need to install the GlusterFS client (
sudo apt-get install glusterfs-cli).To list and mount the available volumes you can use:
sudo gluster --remote-host=10.10.11.131 volume list
# This will return the name of the volumes
sudo mount -t glusterfs 10.10.11.131:/<vol_name> /mnt/
If you receive an error trying to mount the filesystem, you can check the logs in
/var/log/glusterfs/Errors mentioning certificates can be fixed by stealing the files (if you have access to the system):
- /etc/ssl/glusterfs.ca
- /etc/ssl/glusterfs.key
- /etc/ssl/glusterfs.ca.pem
And storing them in your machine
/etc/ssl or /usr/lib/ssl directory (if a different directory is used check for lines similar to: "could not load our cert at /usr/lib/ssl/glusterfs.pem" in the logs) .- Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!