Update modules to use splunk library #18927

errorxyz · 2024-03-06T12:18:29Z

Summary

Now that #18715 is landed, we need to update the splunk modules to use this library

modules/exploits/multi/http/splunk_upload_app_exec.rb
modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb
modules/exploits/multi/http/splunk_mappy_exec.rb
modules/exploits/unix/http/splunk_xslt_authenticated_rce.rb
modules/auxiliary/scanner/http/splunk_web_login.rb
modules/auxiliary/gather/splunk_raw_server_info.rb

nrathaus · 2024-04-22T12:17:02Z

Easiest way to get a splunk copy running:
docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=splunk" --name splunk splunk/splunk:7.1.0

Change 7.1.0 to older/newer versions depending on your needs

NOTE: Some versions don't support SPLUNK_PASSWORD and will not start without intervention

nrathaus · 2024-04-22T12:25:50Z

Unfortunately with docker version, and Free Trial, the login process is "disabled" - making it not a good unit-test for the Ruby modifications

errorxyz added the suggestion-feature New feature suggestions label Mar 6, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update modules to use splunk library #18927

Update modules to use splunk library #18927

errorxyz commented Mar 6, 2024

nrathaus commented Apr 22, 2024 •

edited

nrathaus commented Apr 22, 2024

Update modules to use splunk library #18927

Update modules to use splunk library #18927

Comments

errorxyz commented Mar 6, 2024

Summary

nrathaus commented Apr 22, 2024 • edited

nrathaus commented Apr 22, 2024

nrathaus commented Apr 22, 2024 •

edited