Splunk
The Splunk web server runs by default on port 8000. The default credentials are admin:changeme. If the default credentials do not work, it is worth checking for common weak passwords such as admin, Welcome, Welcome1, Password123, etc.
Splunk has multiple ways of running code: Django applications, REST endpoints, scripted inputs, and alerting scripts.
Scripted inputs can be created to run:
Bash
PowerShell
Batch scripts
Python
How to exploit
https://github.com/0xjpuff/reverse_shell_splunk
Verify which operating system Splunk is running on and choose the appropriate script.
Edit the respective script with your IP and port. (If we were dealing with a Linux host, we would need to edit rev.py.)
Compress the file:
tar -cvzf updater.tar.gz splunk_shell/
Go to apps > manage apps > install app from file.
Upload the file and wait for the reverse connection.
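Because an app installed from file can carry scripted inputs, one way to review a package before it is installed is to list every script:// stanza in its inputs.conf files. This is an added example, not code from the original page or the linked repository; the app name sample_app, its file names and the function names are constructed for illustration.

```python
import configparser
import io
import tarfile

DISABLED_TRUE = {"1", "true"}

def find_scripted_inputs(package: bytes) -> list[dict]:
    """List every [script://...] stanza in any inputs.conf of a .tar.gz app."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(package), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile() or member.name.rsplit("/", 1)[-1] != "inputs.conf":
                continue
            conf = configparser.RawConfigParser(
                strict=False, delimiters=("=",), comment_prefixes=("#",))
            text = tar.extractfile(member).read().decode("utf-8-sig", "replace")
            # Splunk allows settings before the first stanza; configparser does not.
            conf.read_string("[__global__]\n" + text)
            for stanza in conf.sections():
                if not stanza.lower().startswith("script://"):
                    continue
                disabled = conf.get(stanza, "disabled", fallback="0").strip().lower()
                findings.append({
                    "conf": member.name,
                    "command": stanza[len("script://"):],
                    "interval": conf.get(stanza, "interval", fallback=None),
                    "enabled": disabled not in DISABLED_TRUE,
                })
    return findings

def build_sample_package() -> bytes:
    """Constructed sample: sample_app with one enabled and one disabled script."""
    files = {
        "sample_app/default/inputs.conf":
            "[script://./bin/collect.sh]\ndisabled = 0\ninterval = 60\n"
            "[monitor:///var/log/syslog]\ndisabled = 0\n"
            "[script://./bin/old.sh]\ndisabled = 1\n",
        "sample_app/bin/collect.sh": "#!/bin/sh\nuptime\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body.encode())
            tar.addfile(info, io.BytesIO(body.encode()))
    return buf.getvalue()

if __name__ == "__main__":
    for finding in find_scripted_inputs(build_sample_package()):
        print(finding)
```

Any enabled finding in a package from an unverified source is worth reading line by line before the app is installed.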