Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2020-10-05 11:46:57 +00:00 committed by gitbook-bot
parent f6cc6316db
commit 74306809bf
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pentesting/9200-pentesting-elasticsearch.md
View file

@ -38,6 +38,10 @@ If you don't see that response accessing `/` see the following section.
That will means that authentication is configured an **you need valid credentials** to obtain any info from elasticserach. Then, you can [**try to bruteforce it**](../brute-force.md#elasticsearch) ****\(it uses HTTP basic auth, so anything that BF HTTP basic auth can be used\).
Here you have a **list default usernames**: _**elastic** \(superuser\), remote\_monitoring\_user, beats\_system, logstash\_system, kibana, kibana\_system, apm\_system_
```text
curl -X GET http://user:password@IP:9200/
```
### Elastic Info
Here are some endpoints that you can **access via GET** to **obtain** some **information** about elasticsearch: