So, I wanted to add full text search functionality to one of my projects and after doing some research I decided to go with Elasticsearch.
While reading the docs, I came across two RESTful APIs which were good but also dangerously exploitable.
So what are those APIs? (Assuming that a local instance is running on port 9200.)
1 - curl -XGET 'http://localhost:9200/_nodes?pretty=true'
Run this command from your terminal and you will see a lot of details about your machine:
- Paths -
- logs: /Users/I/am/a/hacker/logs
- home: /Users/I/can/see/your/home
- OS info -
- CPU details
- memory details
- and yeah JVM details
- Network info -
- IP address
- MAC address
2 - curl -XPOST 'http://localhost:9200/_cluster/nodes/_master/_shutdown' or
curl -XPOST 'http://localhost:9200/_shutdown'
Any user can execute the above command and bring down your whole cluster.
Still, most big companies have a pretty good firewall setup, so it's hard to get access to a machine, but
still, IMO, there should be some kind of permission to execute these commands.
Anyway, these are some interesting things which I came across while reading the docs.
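To check what your own node gives away, the following added example (not code from the Elasticsearch docs or from this post) audits a saved _nodes response for the categories listed above and reports whether HTTP is published on loopback only. The sample response and its key names are constructed assumptions modelled on a 1.x-style reply; audit() and the other function names are hypothetical.

```python
import ipaddress
import json
import re

# Constructed sample, trimmed to the categories the post lists. Key names are
# assumptions modelled on a 1.x-style _nodes reply; addresses are documentation values.
SAMPLE_NODES_JSON = """
{"cluster_name": "demo", "nodes": {"node-1": {
  "name": "constructed-node",
  "http_address": "inet[/192.0.2.10:9200]",
  "settings": {"path": {"logs": "/Users/I/am/a/hacker/logs",
                        "home": "/Users/I/can/see/your/home"}},
  "os": {"cpu": {"vendor": "ExampleCPU"}, "mem": {"total_in_bytes": 8589934592}},
  "jvm": {"version": "1.7.0_example"},
  "network": {"primary_interface": {"address": "192.0.2.10",
                                    "mac_address": "00:00:5E:00:53:01"}}}}}
"""

# JSON keys whose presence means a detail category is visible to any HTTP client.
SENSITIVE = {"path": "filesystem paths", "os": "OS details", "jvm": "JVM details",
             "address": "IP address", "mac_address": "MAC address"}

def find_exposed(obj, trail=""):
    """Yield (category, dotted_json_path) for every sensitive key under obj."""
    if not isinstance(obj, dict):
        return
    for key, value in obj.items():
        here = f"{trail}.{key}" if trail else key
        if key in SENSITIVE:
            yield SENSITIVE[key], here
        yield from find_exposed(value, here)

def http_is_loopback_only(node):
    """True only if http_address parses to a loopback IPv4; unknown counts as False."""
    m = re.search(r"(\d+\.\d+\.\d+\.\d+):\d+", node.get("http_address", ""))
    return bool(m) and ipaddress.ip_address(m.group(1)).is_loopback

def audit(nodes_json):
    """Return {node_id: {"exposed": [...], "loopback_only": bool}} for a _nodes reply."""
    report = {}
    for node_id, node in json.loads(nodes_json)["nodes"].items():
        report[node_id] = {
            "exposed": sorted({cat for cat, _ in find_exposed(node)}),
            "loopback_only": http_is_loopback_only(node),
        }
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_NODES_JSON), indent=2))
```

To audit a real node, save the output of the curl command from item 1 to a file and pass its contents to audit().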