Thursday, August 21, 2014

Elasticsearch 101 - How secure is it ?

So, I wanted to add full text search functionality to one of my projects and after doing some research I decided to go with Elasticsearch.

While reading the docs, I came across two RESTful apis which were good but also dangerously exploitable.

So what are those apis - (assuming that a local instance is running on port - 9200 )

1 - curl XGET 'http://localhost:9200/_nodes?pretty=true'
     Run this command from your terminal and you will see a lot of details about your machine

  • Paths - 
    • logs: /Users/I/am/a/hacker/logs
    • home: /Users/I/can/see/your/home
  • OS info -
    • cpu details
    • memory details
    • and yeah JVM details
  • Network info - 
    • IP address
    • mac address

2 - curl -XPOST 'http://localhost:9200/_cluster/nodes/_master/_shutdown'   or
     curl -XPOST 'http://localhost:9200/_shutdown'

     Any user can execute the above command and bring down your whole cluster. 
     Still most big companies have pretty good firewall setup so its hard to get access to a machine but
     still, imo, there should be some kind of permission to execute these commands

Anyways these are some interesting things which I came across while reading the docs.