Apache Flink 1.9.x (Part 1: Set Up)

This is blog is to set up your own lab environment for Apache Flink 1.9.x. There was a vulnerability published recently on exploit db and I used it as a learning tool to practice performing code review with Java.

It took me about 2 hours to find and exploit where my starting hold was just the title ‘File Upload RCE’. To set up the environment it is a quick 5 minute process. I used a Ubuntu VM for the base operating system. Below is the link to the exploit.

Step 1: Download the binary of Apache Flink 1.9.x. In this case I used 1.9.2:

Step 2: Extract the contents and go to the following path.

/apache-flink-1.9.2/build/lib/pyflink/bin

Step 3: Run the start-cluster.sh file

Fig 1: Run the start-cluster.sh file

Step 4: Use netstat or ps aux to check the application is running

Fig 2: Check it is running
Fig 3: Found it on port 8081

After getting Apache Flink set up, you will need to install the following if you want to perform the code review to find and execute the exploit.

  1. Java Decompiler (JD-GUI)

https://github.com/java-decompiler/jd-gui/releases/download/v1.6.6/jd-gui-1.6.6.jar

2. Java for running the Java Decompiler and also creating your own reverse shell .jar file.

That is all for the set up.

Good luck

--

--

--

Blogging

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Is the Coronavirus killing the GDPR?

Antivirus Evasion With Shellter

Government as a Platform, the hard problems: part 5 — identity and trust

Tuesday Morning Grind #10: What is Dark Web Monitoring?

Developing a Home Cyber-Defense Lab

Who Benefited Most From Twitter’s Hacked Accounts?

Barack Obama hacked Twitter account

How to Avoid Privacy Concerns While Using a VPN

7 days to go for the #Mainnet2021 ⏳

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adam C

Adam C

Blogging

More from Medium

RHEL8 in Virtual Box :)

How to SSH to your VM on GCP from Windows

How to Install Apache on CentOS 8

First step with elastic security