24007,24008,24009,49152 - Pentesting GlusterFS

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!

• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.

• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Basic Information

GlusterFS is a distributed file system that combines storage from multiple servers into one unified system. It allows for arbitrary scalability, meaning you can easily add or remove storage servers without disrupting the overall file system. This ensures high availability and fault tolerance for your data. With GlusterFS, you can access your files as if they were stored locally, regardless of the underlying server infrastructure. It provides a powerful and flexible solution for managing large amounts of data across multiple servers.

Default ports: 24007/tcp/udp, 24008/tcp/udp, 49152/tcp (onwards) For the port 49152, ports incremented by 1 need to be open to use more bricks. Previously the port 24009 was used instead of 49152.

PORT      STATE  SERVICE
24007/tcp open   rpcbind
49152/tcp open   ssl/unknown

Enumeration

To interact with this filesystem you need to install the GlusterFS client (sudo apt-get install glusterfs-cli).

To list and mount the available volumes you can use:

sudo gluster --remote-host=10.10.11.131 volume list
# This will return the name of the volumes

sudo mount -t glusterfs 10.10.11.131:/<vol_name> /mnt/

If you receive an error trying to mount the filesystem, you can check the logs in /var/log/glusterfs/

Errors mentioning certificates can be fixed by stealing the files (if you have access to the system):

• /etc/ssl/glusterfs.ca

• /etc/ssl/glusterfs.key

• /etc/ssl/glusterfs.ca.pem

And storing them in your machine /etc/ssl or /usr/lib/ssl directory (if a different directory is used check for lines similar to: "could not load our cert at /usr/lib/ssl/glusterfs.pem" in the logs) .

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

• Check the subscription plans!

• Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.

• Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.