module

Splunk Custom App Remote Code Execution

Disclosed
2012-09-27
Created
2018-05-30

Description

This module exploits a feature of Splunk whereby a custom application can be
uploaded through the web-based interface. Through the 'script' search command, a
user can call commands defined in their custom application, including arbitrary
Perl or Python code. To abuse this behavior, a valid Splunk user with the admin
role is required. By default, this module uses the credential "admin:changeme",
the default Administrator credential for Splunk. Note that the Splunk web interface
runs as SYSTEM on Windows, or as root on Linux, by default. This module has been
tested successfully against Splunk 5.0, 6.1, 6.1.1 and 7.2.4.
Version 7.2.4 has also been tested successfully against OSX.
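A defensive check that follows from the description, given here as an added example and not as code from the module or from Splunk: it lists every custom search command that installed apps declare in commands.conf and reports those belonging to apps outside an allowlist. It assumes the standard Splunk app layout (etc/apps/<app>/default or local/commands.conf) with the `filename` and `type` keys; the app names, the allowlist and the sample files are constructed.

```python
import configparser
import tempfile
from pathlib import Path


def audit_custom_commands(apps_dir, allowed_apps):
    """List (app, command, type, filename) for search commands declared by
    apps that are not on the allowlist."""
    findings = []
    for conf in sorted(Path(apps_dir).glob("*/*/commands.conf")):
        if conf.parent.name not in ("default", "local"):
            continue
        app = conf.parent.parent.name
        if app in allowed_apps:
            continue
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        try:
            parser.read(conf, encoding="utf-8")
        except configparser.Error:
            # A file we cannot parse still deserves a human look.
            findings.append((app, "<unparsable>", "", ""))
            continue
        for command in parser.sections():
            if command == "default":  # global settings stanza, not a command
                continue
            findings.append((app, command,
                             parser.get(command, "type", fallback="python"),
                             parser.get(command, "filename", fallback="")))
    return findings


def demo():
    """Run the audit over a constructed apps directory (not real Splunk data)."""
    samples = {
        "search/default/commands.conf": "[shipped_cmd]\nfilename = shipped_cmd.py\n",
        "constructed_app/default/commands.conf": "[runme]\ntype = python\nfilename = runme.py\n",
        "constructed_app/local/commands.conf": "[perlcmd]\ntype = perl\nfilename = job.pl\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text, encoding="utf-8")
        return audit_custom_commands(root, allowed_apps={"search"})


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real deployment, point `apps_dir` at the Splunk installation's etc/apps directory and build the allowlist from the apps you have reviewed.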

Authors

marcwickenden
sinn3r sinn3r@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Gary Blosser
Matteo Malvica

Platform

Linux,OSX,Unix,Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/multi/http/splunk_upload_app_exec
msf exploit(splunk_upload_app_exec) > show targets
...targets...
msf exploit(splunk_upload_app_exec) > set TARGET < target-id >
msf exploit(splunk_upload_app_exec) > show options
...show and set options...
msf exploit(splunk_upload_app_exec) > exploit
