Hackthebox Twitter

Hackthebox Twitter

Welcome
Windows Penetration Testing
Linux Penetration Testing
Portforwarding and tunneling
File Transfer Techniques
Password Attacks
Enumeration
Hacking Web
Phishing Tecniques
Common Applications
Containers Pentesting
C2 Command and Control
- Sliver
- Cobalt Strike
Report Templates
Anonymity Guide
Windows Enumeration
Malware Developer
Labs
- Vulnlabs

Powered by GitBook

On this page

Common Applications

Splunk

PreviousGitlab NextTomcat

Last updated 4 months ago

The Splunk web server runs by default on port 8000.
the default credentials are admin:changeme.
If the default credentials do not work, it is worth checking for common weak passwords such as admin, Welcome, Welcome1, Password123, etc.

Splunk has multiple ways of running code:

Django applications, REST endpoints, scripted inputs, and alerting scripts.
Scripted inputs can be created to run:
- Bash
- PowerShel
- Batch scripts
- Python

How to exploit

Verify the operating system is running the splunk and choise the right proper script.
Edit the respective script with your IP and port. (If we were dealing with a Linux host, we would need to edit the rev.py )
compress the file tar -cvzf updater.tar.gz splunk_shell/
Go to apps > manage apps > install app from file.
Upload the file and wait the reverse connection

https://github.com/0xjpuff/reverse_shell_splunk