hacktricks/network-services-pentesting/5601-pentesting-kibana.md

58 lines
3.9 KiB
Markdown
Raw Normal View History

2022-04-28 16:01:33 +00:00
<details>
2024-01-05 22:36:48 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-01-05 22:36:48 +00:00
Other ways to support HackTricks:
2022-04-28 16:01:33 +00:00
2024-01-05 22:36:48 +00:00
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
2024-02-09 12:24:06 +00:00
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
2024-01-05 22:36:48 +00:00
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-04-28 16:01:33 +00:00
</details>
2022-05-01 12:49:36 +00:00
# Basic Information
2021-01-28 13:40:17 +00:00
2024-02-08 21:36:35 +00:00
Kibana is known for its ability to search and visualize data within Elasticsearch, typically running on port **5601**. It serves as the interface for the Elastic Stack cluster's monitoring, management, and security functions.
2021-01-28 13:40:17 +00:00
2024-02-08 21:36:35 +00:00
## Understanding Authentication
2021-01-28 13:40:17 +00:00
2024-02-08 21:36:35 +00:00
The process of authentication in Kibana is inherently linked to the **credentials used in Elasticsearch**. If Elasticsearch has authentication disabled, Kibana can be accessed without any credentials. Conversely, if Elasticsearch is secured with credentials, the same credentials are required to access Kibana, maintaining identical user permissions across both platforms. Credentials might be found in the **/etc/kibana/kibana.yml** file. If these credentials do not pertain to the **kibana_system** user, they may offer broader access rights, as the kibana_system user's access is restricted to monitoring APIs and the .kibana index.
2021-01-28 13:40:17 +00:00
2024-02-08 21:36:35 +00:00
## Actions Upon Access
2021-01-28 13:40:17 +00:00
2024-02-08 21:36:35 +00:00
Once access to Kibana is secured, several actions are advisable:
2021-01-28 13:40:17 +00:00
2024-02-08 21:36:35 +00:00
- Exploring data from Elasticsearch should be a priority.
- The ability to manage users, including the editing, deletion, or creation of new users, roles, or API keys, is found under Stack Management -> Users/Roles/API Keys.
- It's important to check the installed version of Kibana for known vulnerabilities, such as the RCE vulnerability identified in versions prior to 6.6.0 ([More Info](https://insinuator.net/2021/01/pentesting-the-elk-stack/#ref2)).
2021-01-28 13:40:17 +00:00
2024-02-08 21:36:35 +00:00
## SSL/TLS Considerations
2021-01-28 13:40:17 +00:00
2024-02-08 21:36:35 +00:00
In instances where SSL/TLS is not enabled, the potential for leaking sensitive information should be thoroughly evaluated.s
2021-01-28 13:40:17 +00:00
2022-05-01 12:49:36 +00:00
## References
2021-01-28 13:40:17 +00:00
* [https://insinuator.net/2021/01/pentesting-the-elk-stack/](https://insinuator.net/2021/01/pentesting-the-elk-stack/)
2022-04-28 16:01:33 +00:00
<details>
2024-01-05 22:36:48 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-01-05 22:36:48 +00:00
Other ways to support HackTricks:
2022-04-28 16:01:33 +00:00
2024-01-05 22:36:48 +00:00
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
2024-02-09 12:24:06 +00:00
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
2024-01-05 22:36:48 +00:00
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-04-28 16:01:33 +00:00
</details>