
Update modules to use splunk library

Open errorxyz opened this issue 1 year ago • 2 comments

Summary

Now that #18715 has landed, we need to update the splunk modules to use this library.

  • [ ] modules/exploits/multi/http/splunk_upload_app_exec.rb
  • [x] modules/exploits/multi/http/splunk_privilege_escalation_cve_2023_32707.rb
  • [ ] modules/exploits/multi/http/splunk_mappy_exec.rb
  • [ ] modules/exploits/unix/http/splunk_xslt_authenticated_rce.rb
  • [ ] modules/auxiliary/scanner/http/splunk_web_login.rb
  • [ ] modules/auxiliary/gather/splunk_raw_server_info.rb

errorxyz, Mar 06 '24 12:03

Easiest way to get a splunk copy running:

docker run -d -p 8000:8000 -e "SPLUNK_START_ARGS=--accept-license" -e "SPLUNK_PASSWORD=splunk" --name splunk splunk/splunk:7.1.0

Change 7.1.0 to older/newer versions depending on your needs

NOTE: Some versions don't support SPLUNK_PASSWORD and will not start without intervention

nrathaus, Apr 22 '24 12:04

Unfortunately, with the docker version and the Free Trial, the login process is "disabled", making it not a good unit test for the Ruby modifications.

nrathaus, Apr 22 '24 12:04