9042/9160 - Pentesting Cassandra - HackTricks

Search…

👾

Welcome!

About the author

Getting Started in Hacking

🤩

Generic Methodologies & Resources

Pentesting Methodology

External Recon Methodology

Pentesting Network

Pentesting Wifi

Phishing Methodology

Basic Forensic Methodology

Brute Force - CheatSheet

Python Sandbox Escape & Pyscript

Tunneling and Port Forwarding

Search Exploits

Shells (Linux, Windows, MSFVenom)

🐧

Linux Hardening

Checklist - Linux Privilege Escalation

Linux Privilege Escalation

Useful Linux Commands

Bypass Linux Shell Restrictions

Linux Environment Variables

Linux Post-Exploitation

🍏

MacOS Hardening

MacOS Security & Privilege Escalation

🪟

Windows Hardening

Checklist - Local Windows Privilege Escalation

Windows Local Privilege Escalation

Active Directory Methodology

Lateral Movement

Authentication, Credentials, UAC and EFS

Stealing Credentials

Basic CMD for Pentesters

Basic PowerShell for Pentesters

📱

Mobile Pentesting

Android APK Checklist

Android Applications Pentesting

iOS Pentesting Checklist

👽

Network Services Pentesting

Pentesting JDWP - Java Debug Wire Protocol

Pentesting Printers

Pentesting Remote GdbServer

7/tcp/udp - Pentesting Echo

21 - Pentesting FTP

22 - Pentesting SSH/SFTP

23 - Pentesting Telnet

25,465,587 - Pentesting SMTP/s

43 - Pentesting WHOIS

53 - Pentesting DNS

69/UDP TFTP/Bittorrent-tracker

79 - Pentesting Finger

80,443 - Pentesting Web Methodology

88tcp/udp - Pentesting Kerberos

110,995 - Pentesting POP

111/TCP/UDP - Pentesting Portmapper

113 - Pentesting Ident

123/udp - Pentesting NTP

135, 593 - Pentesting MSRPC

137,138,139 - Pentesting NetBios

139,445 - Pentesting SMB

143,993 - Pentesting IMAP

161,162,10161,10162/udp - Pentesting SNMP

194,6667,6660-7000 - Pentesting IRC

264 - Pentesting Check Point FireWall-1

389, 636, 3268, 3269 - Pentesting LDAP

500/udp - Pentesting IPsec/IKE VPN

502 - Pentesting Modbus

512 - Pentesting Rexec

513 - Pentesting Rlogin

514 - Pentesting Rsh

515 - Pentesting Line Printer Daemon (LPD)

548 - Pentesting Apple Filing Protocol (AFP)

554,8554 - Pentesting RTSP

623/UDP/TCP - IPMI

631 - Internet Printing Protocol(IPP)

873 - Pentesting Rsync

1026 - Pentesting Rusersd

1080 - Pentesting Socks

1098/1099/1050 - Pentesting Java RMI - RMI-IIOP

1433 - Pentesting MSSQL - Microsoft SQL Server

1521,1522-1529 - Pentesting Oracle TNS Listener

1723 - Pentesting PPTP

1883 - Pentesting MQTT (Mosquitto)

2049 - Pentesting NFS Service

2301,2381 - Pentesting Compaq/HP Insight Manager

2375, 2376 Pentesting Docker

3128 - Pentesting Squid

3260 - Pentesting ISCSI

3299 - Pentesting SAPRouter

3306 - Pentesting Mysql

3389 - Pentesting RDP

3632 - Pentesting distcc

3690 - Pentesting Subversion (svn server)

3702/UDP - Pentesting WS-Discovery

4369 - Pentesting Erlang Port Mapper Daemon (epmd)

5000 - Pentesting Docker Registry

5353/UDP Multicast DNS (mDNS) and DNS-SD

5432,5433 - Pentesting Postgresql

5555 - Android Debug Bridge

5601 - Pentesting Kibana

5671,5672 - Pentesting AMQP

5800,5801,5900,5901 - Pentesting VNC

5984,6984 - Pentesting CouchDB

5985,5986 - Pentesting WinRM

5985,5986 - Pentesting OMI

6000 - Pentesting X11

6379 - Pentesting Redis

8009 - Pentesting Apache JServ Protocol (AJP)

8086 - Pentesting InfluxDB

8089 - Pentesting Splunkd

8333,18333,38333,18444 - Pentesting Bitcoin

9000 - Pentesting FastCGI

9001 - Pentesting HSQLDB

9042/9160 - Pentesting Cassandra

9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)

9200 - Pentesting Elasticsearch

10000 - Pentesting Network Data Management Protocol (ndmp)

11211 - Pentesting Memcache

15672 - Pentesting RabbitMQ Management

24007,24008,24009,49152 - Pentesting GlusterFS

27017,27018 - Pentesting MongoDB

44134 - Pentesting Tiller (Helm)

44818/UDP/TCP - Pentesting EthernetIP

47808/udp - Pentesting BACNet

50030,50060,50070,50075,50090 - Pentesting Hadoop

🕸

Pentesting Web

Web Vulnerabilities Methodology

Reflecting Techniques - PoCs and Polygloths CheatSheet

Bypass Payment Process

Cache Poisoning and Cache Deception

Client Side Template Injection (CSTI)

Command Injection

Content Security Policy (CSP) Bypass

Cookies Hacking

CORS - Misconfigurations & Bypass

CRLF (%0D%0A) Injection

Cross-site WebSocket hijacking (CSWSH)

CSRF (Cross Site Request Forgery)

Dangling Markup - HTML scriptless injection

Deserialization

Domain/Subdomain takeover

Email Injections

File Inclusion/Path traversal

Formula/Doc/LaTeX Injection

HTTP Request Smuggling / HTTP Desync Attack

HTTP Response Smuggling / Desync

Upgrade Header Smuggling

hop-by-hop headers

JWT Vulnerabilities (Json Web Tokens)

NoSQL injection

OAuth to Account takeover

Parameter Pollution

PostMessage Vulnerabilities

Rate Limit Bypass

Registration & Takeover Vulnerabilities

Regular expression Denial of Service - ReDoS

Reset/Forgotten Password Bypass

Server Side Inclusion/Edge Side Inclusion Injection

SSRF (Server Side Request Forgery)

SSTI (Server Side Template Injection)

Reverse Tab Nabbing

Unicode Normalization vulnerability

Web Tool - WFuzz

XPATH injection

XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)

XXE - XEE - XML External Entity

XSS (Cross Site Scripting)

XSSI (Cross-Site Script Inclusion)

⛈

Cloud Security

Workspace Security

Github Security

Kubernetes Security

Cloud Security Review

😎

Hardware/Physical Access

Physical Attacks

Escaping from KIOSKs

Firmware Analysis

🦅

Reversing & Exploiting

Reversing Tools & Basic Methods

Common API used in Malware

Linux Exploiting (Basic) (SPA)

Exploiting Tools

Windows Exploiting (Basic Guide - OSCP lvl)

🔮

Crypto & Stego

Cryptographic/Compression Algorithms

Cipher Block Chaining CBC-MAC

Crypto CTFs Tricks

Electronic Code Book (ECB)

Hash Length Extension Attack

RC4 - Encrypt&Decrypt

Esoteric languages

Blockchain & Crypto Currencies

🧐

External Platforms Reviews/Writeups

BRA.I.NSMASHER Presentation

INE Courses and eLearnSecurity Certifications Reviews

🦂

C2

✍

TODO

Other Big References

Hardware Hacking

Other Web Tricks

Interesting HTTP

Emails Vulnerabilities

Android Forensics

6881/udp - Pentesting BitTorrent

1911 - Pentesting fox

Online Platforms with API

Stealing Sensitive Information Disclosure from a Web

Post Exploitation

Powered By GitBook

9042/9160 - Pentesting Cassandra

Support HackTricks and get benefits!
Basic Information
Apache Cassandra is a highly scalable, high-performance distributed database designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. It is a type of NoSQL database.
In several cases you will find cassandra accepting any credentials (as there aren't any configured) and you will be able to enumerate the database.
Default port: 9042,9160
PORT     STATE SERVICE   REASON
9042/tcp open  cassandra-native Apache Cassandra 3.10 or later (native protocol versions 3/v3, 4/v4, 5/v5-beta)
9160/tcp open  cassandra syn-ack
Enumeration
Manual
pip install cqlsh
cqlsh <IP>
#Basic info enumeration
SELECT cluster_name, thrift_version, data_center, partitioner, native_protocol_version, rack, release_version from system.local;
#Keyspace enumeration
SELECT keyspace_name FROM system.schema_keyspaces;
desc <Keyspace_name>    #Decribe that DB
desc system_auth        #Describe the DB called system_auth
SELECT * from system_auth.roles;  #Retreive that info, can contain credential hashes
SELECT * from logdb.user_auth;    #Can contain credential hashes
SELECT * from logdb.user;
SELECT * from configuration."config";
Automated
There aren't much options here and nmap doesn't obtain much info
nmap -sV --script cassandra-info -p <PORT> <IP>
​Brute force​
Shodan
port:9160 Cluster
port:9042 "Invalid or unsupported protocol version"
Support HackTricks and get benefits!

Network Services Pentesting - Previous

9001 - Pentesting HSQLDB

Next - Network Services Pentesting

9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)

Last modified 3mo ago

Copy link

Outline

Basic Information