8086 - Pentesting InfluxDB
Use Trickest to easily build and automate workflows powered by the world's most advanced community tools. Get Access Today:
Basic Information
InfluxDB is an open-source time series database (TSDB) developed by InfluxData. TSDBs are optimized for storing and serving time series data, which consists of timestamp-value pairs. Compared to general-purpose databases, TSDBs provide significant improvements in storage space and performance for time series datasets. They employ specialized compression algorithms and can be configured to automatically remove old data. Specialized database indices also enhance query performance.
Default port: 8086
Enumeration
From a pentester point of view this another database that could be storing sensitive information, so it's interesting to know how to dump all the info.
Authentication
InfluxDB might require authentication or not
If you get an error like this one: ERR: unable to parse authentication credentials
it means that it's expecting some credentials.
There was a vulnerability influxdb that allowed to bypass the authentication: CVE-2019-20933
Manual Enumeration
The information of this example was taken from here.
Show databases
The found databases are telegraf
and internal
(you will find this one everywhere)
Show tables/measurements
The InfluxDB documentation explains that measurements in InfluxDB can be paralleled with SQL tables. The nomenclature of these measurements is indicative of their respective content, each housing data relevant to a particular entity.
Show columns/field keys
The field keys are like the columns of the database
Dump Table
And finally you can dump the table doing something like
In some testing with the authentication bypass it was noted that the name of the table needed to be between double quotes like: select * from "cpu"
Automated Authentication
Use Trickest to easily build and automate workflows powered by the world's most advanced community tools. Get Access Today:
Last updated