漏洞描述
The erlang port mapper daemon is used to coordinate distributed erlang instances. His job is to keep track of which node name listens on which address. Hence, epmd map symbolic node names to machine addresses.
erlang-daemon: Erlang Port Mapper Daemon
PoC代码[已公开]
id: erlang-daemon
info:
name: Erlang Port Mapper Daemon
author: pussycat0x,daffainfo
severity: low
description: |
The erlang port mapper daemon is used to coordinate distributed erlang instances. His job is to keep track of which node name listens on which address. Hence, epmd map symbolic node names to machine addresses.
reference:
- https://nmap.org/nsedoc/scripts/epmd-info.html
- https://book.hacktricks.xyz/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd
- https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd
metadata:
verified: true
max-request: 1
shodan-query: product:"Erlang Port Mapper Daemon"
tags: demon,enum,erlang,epmd,network,misconfig,tcp,discovery
tcp:
- inputs:
- data: "\x00\x01\x6e"
host:
- "{{Hostname}}"
port: 4369
matchers-condition: and
matchers:
- type: word
words:
- "HTTP/1.1"
negative: true
- type: word
words:
- "name"
- "at port"
condition: and
extractors:
- type: regex
regex:
- 'name (.*?) at port ([0-9]+)'
# digest: 4a0a004730450220652e6da89820c2400f5dd4b3f058f1cb6efff32ddfe094c286141a84dbca9165022100ee106914bd0d6419329454e96b93e2b7405026c4ec523720fda918c8e28e5879:922c64590222798bb761d5b6d8e72950