Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Kali Linux - An Ethical Hacker's Cookbook Practical recipes that combine strategies, attacks, and tools for advanced penetration testing

Product type Paperback

Published in Mar 2019

Publisher Packt

ISBN-13 9781789952308

Length 472 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Penetration Testing

Author (1):

Himanshu Sharma

View More author details

Table of Contents (15) Chapters

Preface

1. Kali - An Introduction FREE CHAPTER

2. Gathering Intel and Planning Attack Strategies

3. Vulnerability Assessment - Poking for Holes

4. Web App Exploitation - Beyond OWASP Top 10

5. Network Exploitation

6. Wireless Attacks - Getting Past Aircrack-ng

7. Password Attacks - The Fault in Their Stars

8. Have Shell, Now What?

9. Buffer Overflows

10. Elementary, My Dear Watson - Digital Forensics

11. Playing with Software-Defined Radios

12. Kali in Your Pocket - NetHunters and Raspberries

13. Writing Reports

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

Exploiting Elasticsearch

Sometimes, while doing a pentest, we may also come across some of the services running on various port numbers; one such service is what we will look at in this recipe. Elasticsearch is a Java-based, open source search enterprise engine. It can be used to search any kind of document in real-time.

In 2015, an RCE exploit came for Elasticsearch, which allowed hackers to bypass the sandbox and execute remote commands. Let's see how.

How to do it...

Let's perform the following steps:

The default port is 9200. Start the Metasploit console:

Search for the Elasticsearch exploit using the following command:

 search elasticsearch

The output of the preceding command is shown in the following screenshot...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

Himanshu Sharma

Himanshu Sharma has been in the field of security since 2009 and has been listed in the halls of fame of Apple, Google, Microsoft, Facebook, and many more. He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts. He has been a speaker at various conferences worldwide such as BotConf, CONFidence, Hack In the Box, SINCON, Sec-T, Hackcon, and numerous others. Currently, he is the co-founder of BugsBounty. He also authored multiple bestsellers titled "Kali Linux - An Ethical Hacker's Cookbook", " Hands-On Red Team Tactics" and "Hands-On Web Pentesting with Metasploit."

See other products by Himanshu Sharma