> For the complete documentation index, see [llms.txt](https://intrusionz3r0.gitbook.io/intrusionz3r0/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://intrusionz3r0.gitbook.io/intrusionz3r0/common-applications/splunk.md).

# Splunk

* The Splunk web server runs by default on port `8000`.
* the default credentials are `admin:changeme`.
* If the default credentials do not work, it is worth checking for common weak passwords such as `admin`, `Welcome`, `Welcome1`, `Password123`, etc.

Splunk has multiple ways of running code:

* Django applications, REST endpoints, **scripted inputs**, and alerting scripts.
* Scripted inputs can be created to run:
  * Bash
  * PowerShel
  * Batch scripts
  * Python

## How to exploit

<https://github.com/0xjpuff/reverse_shell_splunk>

1. Verify the operating system is running the splunk and choise the right proper script.
2. Edit the respective script with your IP and port. (If we were dealing with a Linux host, we would need to edit the `rev.py` )
3. compress the file `tar -cvzf updater.tar.gz splunk_shell/`
4. Go to apps > manage apps > install app from file.
5. Upload the file and wait the reverse connection
