{% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks * Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! * **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}

# Basic Information

Kibana is known for its ability to search and visualize data stored in Elasticsearch, and it typically runs on port **5601**. It serves as the interface for the monitoring, management, and security functions of an Elastic Stack cluster.

## Understanding Authentication

The authentication process in Kibana is closely tied to the **credentials used by Elasticsearch**. If Elasticsearch has no authentication, Kibana can be accessed without any credentials. Conversely, if Elasticsearch is secured with credentials, those same credentials are required to access Kibana, and the user keeps the same permissions on both platforms.

Credentials can be found in the file **/etc/kibana/kibana.yml**. If these credentials do not belong to the **kibana_system** user, they may grant broad access rights, because the kibana_system user's access is restricted to the monitoring APIs and the .kibana index.

## Actions Upon Access

Once access to Kibana has been secured, several actions are advisable:

- Exploring the data held in Elasticsearch should be the priority.
- The ability to manage users, including editing, deleting, or creating new users, roles, or API keys, is available under Stack Management -> Users/Roles/API Keys.
- It is important to check the installed Kibana version for known vulnerabilities, such as the RCE vulnerability identified in versions prior to 6.6.0 ([More Info](https://insinuator.net/2021/01/pentesting-the-elk-stack/#ref2)).

## SSL/TLS Considerations

In scenarios where SSL/TLS is not enabled, the potential for leakage of sensitive information should be thoroughly evaluated.
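The two configuration points above (which Elasticsearch account Kibana is configured with, and whether TLS is enabled) can be audited directly from `kibana.yml`. The following script is an added example written for this page, not code from HackTricks or from Elastic. It parses the flat `dotted.key: value` style that `kibana.yml` uses, then flags credentials that are not the restricted `kibana_system` account, a plaintext `elasticsearch.password` in the file (the Kibana keystore is the supported alternative), and plain-HTTP settings for both the Kibana server and the Elasticsearch hosts. The settings keys are real Kibana settings; the config contents and the audit codes are constructed for the example.

```python
"""Audit a kibana.yml for over-privileged stored credentials and missing TLS.

Added example, not part of the original page. The sample config below is
constructed; the setting names (server.port, server.ssl.enabled,
elasticsearch.hosts, elasticsearch.username, elasticsearch.password) are
real Kibana settings.
"""
import re

# Constructed sample kibana.yml (not taken from any real deployment).
SAMPLE_KIBANA_YML = """\
# Kibana listens here.
server.port: 5601
server.host: "0.0.0.0"
# Browser <-> Kibana TLS is off in this sample.
server.ssl.enabled: false
elasticsearch.hosts: ["http://localhost:9200"]
# A superuser account instead of the built-in, restricted kibana_system user.
elasticsearch.username: "elastic"
elasticsearch.password: "PLACEHOLDER_PASSWORD"   # placeholder value
"""


def _clean(value):
    """Strip surrounding quotes and turn true/false into booleans."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    return value


def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' lines kibana.yml normally uses.

    Full-line and trailing comments are dropped, quotes are stripped, and a
    bracketed list becomes a Python list. Nested YAML blocks are out of
    scope for this audit helper.
    """
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        value = re.sub(r"\s+#.*$", "", value).strip()  # trailing comment
        if value.startswith("[") and value.endswith("]"):
            items = [v for v in value[1:-1].split(",") if v.strip()]
            config[key.strip()] = [_clean(v) for v in items]
        else:
            config[key.strip()] = _clean(value)
    return config


def audit_kibana_config(config):
    """Return (code, detail) findings a defender would act on, in fixed order."""
    findings = []
    user = config.get("elasticsearch.username")
    if user and user != "kibana_system":
        findings.append(("BROAD_CREDENTIALS",
                         f"kibana.yml holds credentials for '{user}', not the "
                         "restricted kibana_system user"))
    if "elasticsearch.password" in config:
        findings.append(("PLAINTEXT_PASSWORD",
                         "elasticsearch.password is stored in kibana.yml; "
                         "move it to the Kibana keystore"))
    if config.get("server.ssl.enabled") is not True:
        findings.append(("KIBANA_HTTP",
                         "server.ssl.enabled is not true: the Kibana UI and "
                         "its logins travel over plain HTTP"))
    hosts = config.get("elasticsearch.hosts", [])
    if isinstance(hosts, str):
        hosts = [hosts]
    for host in hosts:
        if host.lower().startswith("http://"):
            findings.append(("ES_HTTP",
                             f"Elasticsearch host {host} is reached over plain HTTP"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_kibana_config(parse_flat_yaml(SAMPLE_KIBANA_YML)):
        print(f"[{code}] {detail}")
```

Running it against a real file is `audit_kibana_config(parse_flat_yaml(open("/etc/kibana/kibana.yml").read()))`; an empty result means the file uses the `kibana_system` account, keeps no password inline, and has TLS enabled on both hops.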
## References

* [https://insinuator.net/2021/01/pentesting-the-elk-stack/](https://insinuator.net/2021/01/pentesting-the-elk-stack/)