Thursday, August 21, 2014

Elasticsearch 101 - How secure is it ?

So, I wanted to add full text search functionality to one of my projects and after doing some research I decided to go with Elasticsearch.

While reading the docs, I came across two RESTful apis which were good but also dangerously exploitable.

So what are those apis - (assuming that a local instance is running on port - 9200 )

1 - curl XGET 'http://localhost:9200/_nodes?pretty=true'
   
     Run this command from your terminal and you will see a lot of details about your machine

  • Paths - 
    • logs: /Users/I/am/a/hacker/logs
    • home: /Users/I/can/see/your/home
  • OS info -
    • cpu details
    • memory details
    • and yeah JVM details
  • Network info - 
    • IP address
    • mac address

2 - curl -XPOST 'http://localhost:9200/_cluster/nodes/_master/_shutdown'   or
     curl -XPOST 'http://localhost:9200/_shutdown'

     Any user can execute the above command and bring down your whole cluster. 
     Still most big companies have pretty good firewall setup so its hard to get access to a machine but
     still, imo, there should be some kind of permission to execute these commands


Anyways these are some interesting things which I came across while reading the docs.


2 comments:

  1. Casino Games - jtmhub.com
    Online 화성 출장샵 Casino 순천 출장샵 Games at JTM Hub. The world's favorite online gambling 수원 출장샵 website. Our users can choose from over 35 popular games 충청북도 출장마사지 including blackjack, 경기도 출장마사지 roulette,

    ReplyDelete