This is a toolkit to exploit IBM Instana cloud microservices running on authenticated open ports. It accepts a host IP as input. Using the tool, an attacker can execute commands such as kafka-topics, cqlsh, curl, etc., on the target host. The script takes its input from the command line, including the host IP address, the command to execute, and optional parameters such as an output file and verbose mode.
From the perspective of the MITRE ATT&CK framework, the script could be used in various stages of the cyber kill chain. For example, during the initial stages of reconnaissance, an attacker could use this script to gather information about the target system. Additionally, this script can be used to perform command execution and data exfiltration, which could lead to privilege escalation and lateral movement.
Some of the techniques from the MITRE ATT&CK framework that are relevant to this script include:
- Reconnaissance (T1590)
- Command and Control (T1043)
- Execution (T1059)
- Exfiltration (T1048)
IBM Instana Observability is a cloud-native observability platform that provides complete visibility into modern dynamic application architectures. It uses AI-powered automation to monitor applications and infrastructure, detect performance issues, and provide insights into root causes. With Instana, users can monitor cloud-native, containerized, and microservices-based applications in real-time, helping them to identify and resolve issues quickly. It supports a wide range of popular technologies and platforms, including Kubernetes, Docker, AWS, and Microsoft Azure.
Learn more here: https://www.ibm.com/docs/en/instana-observability/211?topic=SSE1JP5_211/src/pages/self_hosted_instana/package_based/configuration.html
Kafka
- Running on port 9092
Cassandra
- Running on port 9042
Clickhouse DB
- Running on port 8123
Zookeeper
- Running on port 2181
Node Exporters
- Running on port 8181
Prometheus
- Running on port 9090
Elasticsearch
- Running on port 9200
Cockroach DB
- Running on port 26257
python script.py <host> <option> [--output <file>] [--verbose]
- <host>: The IP address of the host where the microservices are running.
- <option>: Selects the service and the command to run against it. The available options are:
  - kafka: To list all the Kafka topics.
  - cassandra: To connect to the Cassandra cluster.
  - clickhouse: To list all the tables in the ClickHouse database.
  - cockroach: To connect to the CockroachDB cluster.
  - zookeeper: To print Zookeeper status.
  - node-export: To view Node Exporter metrics.
  - elasticsearch: To view Elasticsearch indices.
  - prometheus: To view Prometheus metrics.
- --output <file>: Optional flag to save the output to a file.
- --verbose: Optional flag to print the command line that was executed.
python script.py 192.168.1.10 elasticsearch --output indices.txt --verbose
This command will connect to Elasticsearch running on 192.168.1.10 and list all the indices. The output will be saved to a file named indices.txt, and the command line that was executed will be printed on the console.
In conclusion, this Python script can be used by an attacker to exploit and test the security of the IBM Instana cloud microservices architecture. It is important for defenders to monitor their networks and be aware of the potential risks associated with such attacks.
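For the monitoring point above, a defender-side check, added here as an example and not part of the toolkit: it reads connection records, flags accepted traffic to the service ports listed on this page from sources outside an allowlist, and separately reports sources that touch several of those services. The log format, the ALLOWED_SOURCES network and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Service ports as listed on this page.
INSTANA_PORTS = {
    9092: "kafka", 9042: "cassandra", 8123: "clickhouse", 2181: "zookeeper",
    8181: "node-exporter", 9090: "prometheus", 9200: "elasticsearch",
    26257: "cockroachdb",
}
# Assumption: only the backend's own network should reach these ports.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample, assumed format: "<time> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.20.0.5 10.20.0.10 9092 ACCEPT
2024-01-01T10:00:03Z 192.0.2.44 10.20.0.10 9200 ACCEPT
2024-01-01T10:00:04Z 192.0.2.44 10.20.0.10 9092 ACCEPT
2024-01-01T10:00:05Z 192.0.2.44 10.20.0.10 2181 DROP
2024-01-01T10:00:09Z 198.51.100.7 10.20.0.10 443 ACCEPT
2024-01-01T10:00:12Z 203.0.113.9 10.20.0.10 9042 ACCEPT
malformed line
"""

def find_exposure(log_text, sweep_threshold=2):
    """Return (alerts, sweepers): accepted connections from non-allowed sources,
    and sources that touched >= sweep_threshold distinct listed services."""
    alerts, touched = [], defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of failing the run
        ts, src, dst, port, action = parts
        try:
            src_ip, port = ipaddress.ip_address(src), int(port)
        except ValueError:
            continue
        service = INSTANA_PORTS.get(port)
        if service is None or any(src_ip in net for net in ALLOWED_SOURCES):
            continue
        touched[src].add(service)  # dropped attempts still count toward a sweep
        if action == "ACCEPT":
            alerts.append((ts, src, dst, service))  # the port is actually reachable
    sweepers = {s: sorted(v) for s, v in touched.items() if len(v) >= sweep_threshold}
    return alerts, sweepers

if __name__ == "__main__":
    print(find_exposure(SAMPLE_LOG))
```

An accepted connection from outside the allowlist means the firewall rule itself needs fixing, while a sweeper entry indicates one source enumerating several datastores in the way the script's options do.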