Nmap Development mailing list archives
Service probe for Hazelcast
From: Pavel Kankovsky <kan () dcit cz>
Date: Wed, 3 Apr 2013 22:16:43 +0200 (CEST)
Dear Nmap developers,I have had a close encounter with Hazelcast (http://www.hazelcast.com/) recently. It is a very interesting piece of software and a gaping security hole: as far as I can tell, the default configuration allows anyone to connect to the network service and do all sorts of nasty things. The "enterprise edition" implements some security mechanisms that might restrict access but the open-source "community edition" lacks them.
Nmap detects it as "memcached" because of its chameleon-like nature (any version >= 1.9-RC supports memcache and HTTP REST interface besides its native protocol) but I think its true identity deserves to be revealed.
I have found two methods to detect Hazelcast: The first method relies ona feature of its HTTP REST interface that returns the current list of cluster nodes:
---snip--- # Hazelcast In-Memory Data Grid >= 1.9-RC http://www.hazelcast.com/ Probe TCP hazelcast q|GET /hazelcast/rest/cluster HTTP/1.0\r\n\r\n\r\n| rarity 9 ports 5701-5709 match hazelcast m|^HTTP/.*\nCluster \[[0-9]*\] {\n\tMember (.*)}|s p/Hazelcast/ i/nodes $SUBST(1,"\n\tMember",",")/ ---snip---The other method is to probe its native protocol. This is quite easy and reliable (when the server receives three bytes reading "HZC", it sends the same three bytes back), but it does not extract any information about the service:
---snip--- # Hazelcast In-Memory Data Grid >= 1.9-RC http://www.hazelcast.com/ Probe TCP hazelcast q|HZC| rarity 9 ports 5701-5709 match hazelcast m|^HZC| p/Hazelcast/ ---snip--- -- Pavel Kankovsky _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Service probe for Hazelcast Pavel Kankovsky (Apr 03)
- Re: Service probe for Hazelcast David Fifield (Apr 09)
- Re: Service probe for Hazelcast Pavel Kankovsky (Apr 11)
- Re: Service probe for Hazelcast David Fifield (Apr 27)
- Re: Service probe for Hazelcast Pavel Kankovsky (Apr 11)
- Re: Service probe for Hazelcast David Fifield (Apr 09)