HacktheboxGithub

Splunk

  • The Splunk web server runs by default on port 8000.

  • the default credentials are admin:changeme.

  • If the default credentials do not work, it is worth checking for common weak passwords such as admin, Welcome, Welcome1, Password123, etc.

Splunk has multiple ways of running code:

  • Django applications, REST endpoints, scripted inputs, and alerting scripts.

  • Scripted inputs can be created to run:

    • Bash

    • PowerShel

    • Batch scripts

    • Python

How to exploit

https://github.com/0xjpuff/reverse_shell_splunk

  1. Verify the operating system is running the splunk and choise the right proper script.

  2. Edit the respective script with your IP and port. (If we were dealing with a Linux host, we would need to edit the rev.py )

  3. compress the file tar -cvzf updater.tar.gz splunk_shell/

  4. Go to apps > manage apps > install app from file.

  5. Upload the file and wait the reverse connection

PreviousGitlabNextTomcat

Last updated