
Need an account to vote? Register to attend at gsec.hitb.org/sg2017/


Message in a Bottle: Attacking Distributed Nodes

Chen Siyu


A message broker is the part of a distributed system that helps solve asynchronous processing, application coupling and other issues. How messages are encapsulated, transmitted and processed depends on the design and implementation of the whole system. If there is a security problem at a critical processing point, the entire distributed node may be destroyed.

A distributed system encapsulates messages using serialized data, which in some programming languages can lead directly to remote command execution. If a fake message can be injected into a message queue on the message broker, it is possible to trigger remote command execution when the distributed node processes that message.

There are many message brokers to choose from: RabbitMQ, ActiveMQ, Kafka, Redis, etc. An attacker could easily take control of a broker through an unauthorized access vulnerability, as with Redis. It is then possible to attack distributed nodes by injecting fake messages into the message broker. In fact, we have found cases showing that using a message broker with unauthorized access problems and serialization issues is potentially dangerous in distributed systems.

In this presentation, we'll use the Celery framework to explain how to combine multiple vulnerabilities to attack distributed nodes through message injection attacks.
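As an added example (not code from the talk or from the Celery project), the following check audits a Celery settings dict for the two conditions the abstract combines: a broker that anyone can write to and a worker that deserializes an unsafe format. It assumes Redis as the broker and Python's pickle as the unsafe serializer; `audit_celery_settings` and both sample configurations are constructed for illustration.

```python
from urllib.parse import urlparse

# Kombu's identifiers for the pickle serializer: short name and MIME type.
PICKLE_NAMES = {"pickle", "application/x-python-serialize"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_celery_settings(settings):
    """Return findings for a dict of Celery settings (lowercase setting names)."""
    findings = []

    # 1. Will a worker unpickle what it reads from the queue? Unpickling
    #    untrusted bytes executes code, so a forged message is enough.
    accepted = {str(c).lower() for c in settings.get("accept_content", [])}
    if accepted & PICKLE_NAMES:
        findings.append("accept_content allows pickle")
    for key in ("task_serializer", "result_serializer"):
        if str(settings.get(key, "")).lower() in PICKLE_NAMES:
            findings.append(f"{key} is pickle")

    # 2. Can anyone who reaches the broker write to its queues?
    url = urlparse(settings.get("broker_url", ""))
    if url.scheme in ("redis", "rediss"):
        if not url.password:
            findings.append("Redis broker URL has no password")
        if url.scheme == "redis" and url.hostname not in LOOPBACK:
            findings.append("Redis broker reached over the network without TLS")
    return findings


# Constructed sample configurations (assumptions, not taken from the talk).
WEAK = {
    "broker_url": "redis://10.0.0.5:6379/0",
    "accept_content": ["pickle", "json"],
    "task_serializer": "pickle",
    "result_serializer": "json",
}
HARDENED = {
    "broker_url": "rediss://:constructed-secret@10.0.0.5:6380/0?ssl_cert_reqs=required",
    "accept_content": ["json"],
    "task_serializer": "json",
    "result_serializer": "json",
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_celery_settings(cfg) or "no findings")
```

A clean result only covers the settings checked here; the broker itself still needs network restrictions and authentication enforced on the server side.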

About Chen Siyu

Chen Siyu is a senior Web security researcher at 0kee Team, Qihoo360. He has extensive experience in penetration testing and in finding weaknesses in different network environments. He also provides emergency response for company products.