Module: Msf::Exploit::Remote::HTTP::Splunk::Dashboards

Included in:
Msf::Exploit::Remote::HTTP::Splunk
Defined in:
lib/msf/core/exploit/remote/http/splunk/dashboards.rb

Overview

This mixin provides helper methods for creating, exporting, and deleting Splunk dashboards over HTTP.


Instance Method Details

#create_dashboard(namespace, name, template, cookie) ⇒ Rex::Proto::Http::Response

Creates a new Splunk dashboard in the specified namespace

Parameters:

  • namespace (String)

    The Splunk namespace (usually a user or app) where the dashboard will be created

  • name (String)

    The name of the dashboard

  • template (String)

    The dashboard template content

  • cookie (String)

    The cookie of a valid, authenticated admin session

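Returns:

  • (Rex::Proto::Http::Response)

    The server's response; a missing response or any status other than 201 is reported through fail_with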



# File 'lib/msf/core/exploit/remote/http/splunk/dashboards.rb', line 12

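# Creates a new Splunk dashboard (sent with an `eai:type` of `views`) in the given namespace.
#
# The request is authenticated with the caller-supplied session cookie and carries
# the CSRF token obtained from it in the X-Splunk-Form-Key header.
#
# @param namespace [String] the Splunk namespace (usually a user or app) where the dashboard will be created
# @param name [String] the name of the dashboard
# @param template [String] the dashboard template content, sent as `eai:data`
# @param cookie [String] the cookie of a valid admin session; it is a credential, so keep it out of logs
# @return [Rex::Proto::Http::Response] the server's response when its status is 201
def create_dashboard(namespace, name, template, cookie)
  # extract_csrf_token is defined elsewhere; presumably it reads the token out of the cookie string.
  csrf = extract_csrf_token(cookie)

  res = send_request_cgi(
    'uri' => splunk_dashboard_create_api_url(namespace),
    'method' => 'POST',
    'vars_get' => {
      'output_mode' => 'json'
    },
    'vars_post' => {
      'name' => name,
      'eai:data' => template,
      'eai:type' => 'views'
    },
    'cookie' => cookie,
    # String keys throughout, matching the rest of the request options.
    'headers' => {
      'X-Splunk-Form-Key' => csrf,
      'X-Requested-With' => 'XMLHttpRequest'
    }
  )
  # Creation is confirmed by 201; a nil response or any other status is reported
  # through fail_with, and the message names the status that was actually expected.
  unless res&.code == 201
    fail_with(Msf::Module::Failure::UnexpectedReply, "#{peer} Server did not respond with the expected HTTP 201")
  end

  res
end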

#delete_dashboard(namespace, name, cookie) ⇒ Rex::Proto::Http::Response

Deletes a Splunk dashboard from the specified namespace

Parameters:

  • namespace (String)

    The Splunk namespace where the dashboard resides

  • name (String)

    The name of the dashboard to delete

  • cookie (String)

    The cookie of a valid, authenticated admin session

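Returns:

  • (Rex::Proto::Http::Response)

    The server's response; a missing response or any status other than 200 is reported through fail_with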



# File 'lib/msf/core/exploit/remote/http/splunk/dashboards.rb', line 71

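# Deletes a Splunk dashboard from the given namespace.
#
# The request is authenticated with the caller-supplied session cookie and carries
# the CSRF token obtained from it in the X-Splunk-Form-Key header.
#
# @param namespace [String] the Splunk namespace where the dashboard resides
# @param name [String] the name of the dashboard to delete
# @param cookie [String] the cookie of a valid admin session; it is a credential, so keep it out of logs
# @return [Rex::Proto::Http::Response] the server's response when its status is 200
def delete_dashboard(namespace, name, cookie)
  # extract_csrf_token is defined elsewhere; presumably it reads the token out of the cookie string.
  csrf = extract_csrf_token(cookie)

  res = send_request_cgi(
    'uri' => splunk_dashboard_delete_api_url(namespace, name),
    'method' => 'DELETE',
    'vars_get' => {
      'output_mode' => 'json'
    },
    # Send the cookie passed by the caller, so the session cookie and the CSRF
    # token derived from it always belong together (an unrelated instance
    # variable may be unset or hold a different session).
    'cookie' => cookie,
    # String keys throughout, matching the rest of the request options.
    'headers' => {
      'X-Requested-With' => 'XMLHttpRequest',
      'X-Splunk-Form-Key' => csrf
    }
  )
  # A nil response or any status other than 200 is reported through fail_with.
  unless res&.code == 200
    fail_with(Msf::Module::Failure::UnexpectedReply, "#{peer} Server did not respond with the expected HTTP 200")
  end

  res
end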

#export_dashboard(namespace, name, cookie) ⇒ Rex::Proto::Http::Response

Exports a Splunk dashboard to PDF

Parameters:

  • namespace (String)

    The Splunk namespace where the dashboard resides

  • name (String)

    The name of the dashboard to export

  • cookie (String)

    The cookie of a valid, authenticated admin session

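Returns:

  • (Rex::Proto::Http::Response)

    The server's response; a missing response or any status other than 200 is reported through fail_with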



# File 'lib/msf/core/exploit/remote/http/splunk/dashboards.rb', line 45

# Requests a PDF export of a Splunk dashboard.
#
# Unlike a header-based token, the CSRF token here travels in the POST body as
# `splunk_form_key`, alongside the dashboard name and namespace.
#
# @param namespace [String] the Splunk namespace where the dashboard resides
# @param name [String] the name of the dashboard to export
# @param cookie [String] the cookie of a valid admin session
# @return [Rex::Proto::Http::Response] the server's response when its status is 200
def export_dashboard(namespace, name, cookie)
  # extract_csrf_token is defined elsewhere; presumably it reads the token out of the cookie string.
  form_fields = {
    'input-dashboard' => name,
    'namespace' => namespace,
    'splunk_form_key' => extract_csrf_token(cookie)
  }
  request = {
    'uri' => splunk_dashboard_pdf_export_api_url(namespace, name),
    'method' => 'POST',
    'vars_post' => form_fields,
    'cookie' => cookie
  }

  response = send_request_cgi(request)
  return response if response&.code == 200

  # A nil response or any status other than 200 is reported through fail_with.
  fail_with(Msf::Module::Failure::UnexpectedReply, "#{peer} Server did not respond with the expected HTTP 200")
  response
end