How we hacked Distributed Configuration Management Systems

By Francis Alexander, Bharadwaj Machiraju on 24 Mar 2017 @ Insomnihack
#security-assessment #application-pentesting #vulnerability-assessment #configuration-management #exploitation #post-exploitation #lateral-movement
Focus Areas: Application Security, Penetration Testing, Vulnerability Management

Abstract

With the growing need for distributed applications, coordination and configuration management tools for this class of applications have popped up. ZooKeeper and Consul are among them, and they form the base of many systems like Hadoop, Kafka, Apache Mesos etc. These systems might pop up occasionally during penetration tests. The major focus of this research was to find ways to abuse these systems as well as use them for getting deeper access to other systems.

The talk deals with how they came across and exploited different configuration management systems during their pentests.