
PENTESTING

ELASTIC SEARCH
BY CHANDRAKANT NIAL YOUTUBE.COM/INFOCK
TOP 5 WAYS TO PENTEST ELASTIC SEARCH

• What is Elastic Search ?


• Enumeration
• Authentication? No problem
• Sensitive Info
• Dumping Info
• Write Permission
• Automation /Scripts
WHAT IS ELASTIC SEARCH ?
ELASTIC SEARCH INDEX
LET'S COME TO ATTACK

• Port 9200/TCP
• Manual enumeration: http://100.100.100.100:9200/
AUTHENTICATION ?

• By default Elasticsearch doesn't have authentication enabled.

• Default user ID / password: elastic/elastic
SENSITIVE INFORMATION (COMMON GET METHODS)

_cat
• /_cat/segments
• /_cat/shards
• /_cat/repositories
• /_cat/recovery
• /_cat/plugins
• /_cat/pending_tasks

_cluster
• /_cluster/allocation/explain
• /_cluster/settings
• /_cluster/health
• /_cluster/state
• /_cluster/stats
• /_cluster/pending_tasks

_security
• /_security/user
• /_security/privilege
• /_security/role_mapping
• /_security/role
• /_security/api_key

Source : https://www.elastic.co/guide/en/elasticsearch/reference/current/rest-apis.html
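Every endpoint in the list above is a plain GET, so on a node without authentication the only record of someone reading cluster state or user definitions is whatever sits in front of port 9200 (a reverse proxy or load balancer access log); when security is enabled, Elasticsearch's own audit log (xpack.security.audit.enabled) records the same calls. The following Python detector is an added example written for this page, not code from the slides or from Elastic. It parses constructed Combined Log Format lines as a proxy in front of :9200 would write them and flags reads of the _security, _cat and _cluster APIs, bulk _search reads and successful writes from outside an allowed network. The 10.0.0.0/24 "application tier" network and all addresses, timestamps and paths in the sample are constructed.

```python
"""Flag access-log lines that touch Elasticsearch endpoints the slides list
as sensitive. Added example, not from the slides; log lines are constructed.
"""
import ipaddress
import re
from typing import Optional

# Constructed: the only network that should talk to the cluster directly.
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/24")]

# Combined Log Format as written by a reverse proxy in front of :9200.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one internal app query, then an external client
# walking the same endpoints the slides enumerate.
SAMPLE_LOG = """\
10.0.0.7 - - [01/Mar/2021:09:12:01 +0000] "GET /app-logs/_search?q=user:42 HTTP/1.1" 200 2211
198.51.100.23 - - [01/Mar/2021:09:13:44 +0000] "GET /_cat/indices?v HTTP/1.1" 200 812
198.51.100.23 - - [01/Mar/2021:09:13:52 +0000] "GET /_security/user HTTP/1.1" 200 1330
198.51.100.23 - - [01/Mar/2021:09:14:10 +0000] "GET /facebook/_search?pretty=true HTTP/1.1" 200 98211
198.51.100.23 - - [01/Mar/2021:09:15:02 +0000] "POST /bookindex/books HTTP/1.1" 201 171
10.0.0.7 - - [01/Mar/2021:09:16:30 +0000] "GET /_cluster/health HTTP/1.1" 200 389
"""


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_internal(ip: str) -> bool:
    """True when the client address belongs to an allowed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETS)


def classify(rec: dict) -> Optional[str]:
    """Tag a request with the exposure it represents, or None if benign."""
    path = rec["path"].split("?", 1)[0]          # drop the query string
    external = not is_internal(rec["ip"])
    if rec["status"] in (401, 403):
        return None                              # refused by the node: nothing leaked
    if path.startswith("/_security/"):
        return "security-api-read"               # users/roles/API keys, from anywhere
    if external and path.startswith(("/_cat/", "/_cluster/")):
        return "external-cluster-enum"           # index list, settings, cluster state
    if external and rec["method"] in ("POST", "PUT", "DELETE") and rec["status"] < 300:
        return "external-write"                  # the slides' write-permission probe
    if external and path.endswith("/_search"):
        return "external-bulk-read"              # whole-index dump via _search
    return None


def detect(log_text: str) -> list:
    """Run the classifier over a log and return (ip, method, path, tag) alerts."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tag = classify(rec)
        if tag:
            alerts.append((rec["ip"], rec["method"], rec["path"], tag))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The classifier deliberately ignores 401/403 responses: a refused request proves the control worked, whereas a 200 on /_security/user or a 201 on a POST from an unexpected network is what warrants a ticket. Tighten ALLOWED_NETS to the real client set before running it over production logs.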
INDICES

• http://100.100.100.100:9200/_cat/indices?v
DUMP ALL CONTENTS

• http://host:9200/<index>/_search?pretty=true
• http://100.100.100.115:9200/facebook/_search?pretty=true
FUZZING (HORUZ CLI TO INTERACT WITH ELASTICSEARCH)

https://github.com/misalabs/horuz
CHECK FOR WRITE PERMISSION
• curl -X POST '10.10.10.115:9200/bookindex/books' -H 'Content-Type: application/json' -d'
  {
    "bookId" : "A00-3",
    "author" : "Sankaran",
    "publisher" : "Mcgrahill",
    "name" : "how to get a job"
  }'
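The manual checks on the previous slides (GET / for the banner, /_cat/indices?v for the index list, the POST above for write access) each return a raw HTTP response that still has to be interpreted. The Python script below is an added example written for this page, not code from the slides or from Elastic. It classifies the node's authentication state from the root response, parses the fixed-width _cat/indices?v table by header column offsets (which, unlike str.split(), survives the blank docs.count cell a closed index produces), and maps the write probe's status code to a verdict. The sample banner, index names and UUIDs are constructed; the default BASE_URL is the slides' example address, and the live mode only issues GET requests. Note that Elasticsearch 8.0 and later enable security, and therefore authentication, by default on a fresh install, so the "open" outcome indicates an older or deliberately weakened deployment; the classifier reports whichever it finds.

```python
"""Interpret the responses gathered while auditing an Elasticsearch node.
Added example, not from the slides; sample responses are constructed.
"""
import json
import sys
import urllib.error
import urllib.request

# Constructed banner shaped like the JSON `GET /` returns on an open node.
SAMPLE_ROOT = json.dumps({
    "name": "node-1", "cluster_name": "docker-cluster",
    "version": {"number": "7.10.2"}, "tagline": "You Know, for Search",
})

# Constructed `GET /_cat/indices?v` output. Columns are padded to a fixed
# width; the closed index leaves docs.count and store.size blank.
SAMPLE_CAT_INDICES = "\n".join([
    "health status index        uuid                   pri rep docs.count docs.deleted store.size pri.store.size",
    "yellow open   facebook     aB3dEfGhIjKlMnOpQrStUv   1   1        120            0    231.4kb        231.4kb",
    "green  open   .security-7  Zy9XwVuTsRqPoNmLkJiHgF   1   0         55            0     98.1kb         98.1kb",
    "       close  archive-2019 Qq1WwEeRrTtYyUuIiOoPp0   1   1",
])


def classify_auth(status: int, body: str) -> str:
    """Classify `GET /`: 'open' = cluster banner served without credentials,
    'auth' = node answered with a 401 challenge, 'unknown' = anything else."""
    if status == 401:
        return "auth"
    if status == 200:
        try:
            info = json.loads(body)
        except json.JSONDecodeError:
            return "unknown"
        if isinstance(info, dict) and "cluster_name" in info and "version" in info:
            return "open"
    return "unknown"


def parse_cat_indices(text: str) -> list:
    """Parse `_cat/indices?v` into one dict per row, keyed by header name.
    Column boundaries are taken from the header line's word offsets."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0]
    names, starts = [], []
    i = 0
    while i < len(header):
        if header[i] == " ":
            i += 1
            continue
        end = header.find(" ", i)
        end = len(header) if end == -1 else end
        names.append(header[i:end])
        starts.append(i)
        i = end
    ends = starts[1:] + [None]
    return [
        {name: row[s:e].strip() for name, s, e in zip(names, starts, ends)}
        for row in lines[1:]
    ]


def readable_docs(rows: list) -> dict:
    """Document count per open index: what `<index>/_search` could hand out."""
    return {
        r["index"]: int(r["docs.count"])
        for r in rows
        if r.get("status") == "open" and r.get("docs.count", "").isdigit()
    }


def interpret_write(status: int) -> str:
    """Map the status code of the slides' POST onto an audit verdict."""
    return {
        201: "writable: document created",
        200: "writable: existing document updated",
        401: "write refused: credentials required",
        403: "write refused: caller lacks index privilege",
    }.get(status, f"inconclusive (HTTP {status})")


def audit(base_url: str) -> dict:
    """Read-only live audit: fetch `/` and `/_cat/indices?v` and summarise."""
    def get(path: str):
        try:
            with urllib.request.urlopen(base_url + path, timeout=5) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as e:
            return e.code, e.read().decode(errors="replace")
    status, body = get("/")
    verdict = {"auth": classify_auth(status, body), "indices": {}}
    if verdict["auth"] == "open":
        status, body = get("/_cat/indices?v")
        if status == 200:
            verdict["indices"] = readable_docs(parse_cat_indices(body))
    return verdict


if __name__ == "__main__":
    # BASE_URL default is the slides' example address; pass your own as argv[1].
    base_url = sys.argv[1] if len(sys.argv) > 1 else "http://100.100.100.100:9200"
    print(json.dumps(audit(base_url), indent=2))
```

Run it as `python audit_es.py http://host:9200`; an "open" verdict with non-empty indices is the finding, and interpret_write() is applied to the status code the curl command above returns. The offset-based table parser is the part worth keeping: the same approach reads any other _cat endpoint requested with ?v.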
AUTOMATIC ENUMERATION

• msf > use auxiliary/scanner/elasticsearch/indices_enum
• https://github.com/theMiddleBlue/nmap-elasticsearch-nse
THANKS

• https://github.com/theMiddleBlue/nmap-elasticsearch-nse
• https://www.rapid7.com/db/modules/auxiliary/scanner/elasticsearch/indices_enum
