top of page

9092 - Pentesting Kafka

Writer: Shahid ParvezShahid Parvez
Nov 23, 20232 min read

Getting started

Kafka is an open-source distributed event streaming platform that is commonly used for building real-time data pipelines and streaming applications. It is designed to handle high-throughput, fault-tolerant, and scalable data streaming. Below is basic information about Kafka, its default port, and how to interact with it:


Default Port: 9092

PORT     STATE SERVICE  VERSION
9092/tcp open  kafka    Apache Kafka

Interaction with Kafka:

You can interact with Kafka using various tools and clients. Here's how you can manually interact with Kafka:


Kafka Command Line Tools:


  • Kafka Console Producer: You can use the Kafka Console Producer to publish messages to a Kafka topic.

kafka-console-producer.sh --broker-list <Kafka_Broker>:9092 --topic <Topic_Name>

  • Kafka Console Consumer: You can use the Kafka Console Consumer to subscribe to a Kafka topic and read messages.

kafka-console-consumer.sh --bootstrap-server <Kafka_Broker>:9092 --topic <Topic_Name> --from-beginning

Banner and Fingerprinting


When connecting to a Kafka broker on port 9092, you can use tools like telnet or perform a network scan with nmap. If you establish a connection and receive a response that includes information such as "Apache Kafka" and version details, it is a strong indicator that port 9092 is running a Kafka broker. The banner often looks like:


JMX,Port=9999

[2023-11-23 00:00:00,000] INFO Kafka version: 2.8.0 (org.apache.kafka.common.utils.AppInfoParser)

Censys Fingerprints:

Banner grabbing from censys kafka port 9092
Censys Fingerprint

By inspecting the banner, you can determine if the service on port 9092 is Kafka and even identify the Kafka version, which can be valuable for compatibility and troubleshooting purposes.



Kafka Authentication


Kafka is not authenticated by default. However, it can be configured to require either password-based or username/password-based authentication for client connections, adding an essential layer of security. The specific authentication mechanism used is not externally detectable, necessitating the discovery of valid credentials to interact with Kafka securely. Successful authentication is confirmed with an "OK" response from the Kafka broker.



Exploiting Kafka


If the Kafka service allows connections without authentication, or if you have valid login credentials, you can begin exploring and discovering more about the service using these simple commands:


Enumeration of topics:

kafka-topics --list --bootstrap-server <Kafka_Broker IP>:9092
Kafka topics can easily be enumerated if anonymous access is allowed
Kafka topics enumeration



Description: Lists available Kafka topics.

Sensitive Information: Reveals the names of topics, which may provide insights into the data being processed.







Creating a new topic:

kafka-topics --create --topic <New_Topic_Name> --partitions <Num_Partitions> --replication-factor <Replication_Factor> --bootstrap-server <Kafka_Broker>:9092

Description: Creates a new Kafka topic with specified partitions and replication factor.

Sensitive Information: None, but misuse can lead to topic creation with resource implications.



Describing a new topic:

kafka-topics --describe --topic <Topic_Name> --bootstrap-server <Kafka_Broker>:9092

Description: Provides detailed information about a specific Kafka topic.

Sensitive Information: Reveals topic configuration and partition details.



Producing Messages to a Topic:

kafka-console-producer --topic <Topic_Name> --broker-list <Kafka_Broker>:9092

Description: Allows sending messages to a Kafka topic.

Sensitive Information: Messages sent via the producer may contain sensitive data.



Consuming Messages from a Topic:

kafka-console-consumer --topic <Topic_Name> --bootstrap-server <Kafka_Broker>:9092 --from-beginning

Description: Reads and displays messages from a Kafka topic.

Sensitive Information: Reveals the content of messages within the topic.



Listing Consumer Groups:

kafka-consumer-groups --list --bootstrap-server <Kafka_Broker>:9092

Description: Lists active Kafka consumer groups.

Sensitive Information: None, but it can expose the consumer group names.



Describing Consumer Group Details:

kafka-consumer-groups --describe --group <Consumer_Group> --bootstrap-server <Kafka_Broker>:9092

Description: Provides detailed information about a specific Kafka consumer group.

Sensitive Information: Reveals consumer group members and their lag in processing messages.



Deleting a topic: 

kafka-topics --delete --topic <Topic_Name> --bootstrap-server <Kafka_Broker>:9092
Running the following command will irreversibly delete a Kafka topic and all its associated data. This should only be executed with extreme caution and the necessary permissions.


Tags:

 
 
 

Recent Posts

See All

2375,2376- Pentesting Docker

Docker is a platform popularly used for containerization, offering a standardized way to develop, ship, and run applications across...

 
 
 

Comments

bottom of page