
IBM Instana Basics

Writer: Shahid Parvez

IBM Instana is an AI-powered application performance monitoring (APM) solution designed to help organizations monitor and optimize their cloud-native and microservices-based applications. It provides real-time visibility into application performance, helping developers and DevOps teams identify and resolve issues quickly.


Default Ports

Instana typically uses the following ports:

  • 8083

  • 8443: default SSL port


Interaction with Instana

To interact with Instana, you can use the REST API endpoints. Here is an example of how to retrieve the Instana version:

Replace <instana-host> with your actual Instana server address and admin with your preferred username.


Banner and Fingerprinting

When connecting to Instana, you might receive a response containing information about the installed version. For example:

This information can help identify the installed version of Instana.


Instana Authentication

Instana uses basic authentication by default. The credentials are typically stored in a properties file located at /opt/instana/conf/instana.properties. An example entry might look like this:


Exploiting Instana

Several vulnerabilities have been discovered in Instana over time. One notable example is the RCE vulnerability in Instana versions prior to 20230315.

  • Vulnerable Versions: all versions prior to 20230315

  • Fixed Version: 20230315 or later


Impact

This vulnerability allows remote code execution on the Instana server, potentially giving an attacker full access to the system if exploited successfully.

To exploit this vulnerability, you would need to:

  1. Identify the vulnerable version using the fingerprinting method described earlier.

  2. If the version is below 20230315, attempt to authenticate with valid credentials.

  3. Once authenticated, send a specially crafted request to one of the API endpoints.


Enumeration Techniques

  1. List all agents:


  2. Get Agent Details:


  3. Retrieve metrics for a specific agent:



Securing Instana

To secure an Instana installation:

  1. Keep Instana updated to its latest version.

  2. Use strong authentication credentials.

  3. Implement network segmentation to limit access to the Instana server.

  4. Regularly audit user accounts and permissions.
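A patch-level audit for step 1, written as an added example (not code from the original post or from IBM): it flags inventory entries whose build is earlier than the fixed version 20230315 named above. The `host,version` inventory format, the hostnames, and the assumption that a version string carries its build as an 8-digit YYYYMMDD number are constructed for illustration.

```python
import re
from datetime import datetime

FIXED_BUILD = "20230315"  # fixed version stated on this page

# Assumption: the version string contains its build as an 8-digit YYYYMMDD number.
BUILD_RE = re.compile(r"(?<!\d)(\d{8})(?!\d)")

def extract_build(version):
    """Return the first valid YYYYMMDD build found in a version string, or None."""
    for candidate in BUILD_RE.findall(version or ""):
        try:
            datetime.strptime(candidate, "%Y%m%d")
        except ValueError:
            continue  # eight digits that are not a calendar date
        return candidate
    return None

def classify(version):
    """Map a reported version to 'vulnerable', 'fixed' or 'unknown'."""
    build = extract_build(version)
    if build is None:
        return "unknown"  # needs manual review, never assume patched
    # YYYYMMDD strings of equal length sort chronologically.
    return "vulnerable" if build < FIXED_BUILD else "fixed"

def audit(inventory_text):
    """Parse 'host,version' lines into {host: status}; skips blanks and comments."""
    results = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version.strip())
    return results

# Constructed sample data, not taken from any real deployment.
SAMPLE_INVENTORY = """\
# host,reported version
instana-a.example.internal,20230214
instana-b.example.internal,20230315
instana-c.example.internal,build 20230502-1
instana-d.example.internal,unknown
instana-e.example.internal,20231345
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:32} {status}")
```

Entries reported as `unknown` should be treated as unpatched until the version is confirmed by hand.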


By following these guidelines and being aware of the potential vulnerabilities, one can significantly reduce the risk of exploitation when using IBM Instana for application monitoring.


CVE-2023-27290 Exploit

For more detailed information on the CVE-2023-27290 exploit, including steps to understand and mitigate it, visit the following GitHub repository: https://github.com/zipponnova/IBM-Instana-Exploits




 
 
 
