Module: Msf::Exploit::Remote::HTTP::Splunk::Search

Included in:: Msf::Exploit::Remote::HTTP::Splunk

Defined in:: lib/msf/core/exploit/remote/http/splunk/search.rb

Overview

This module provides a way of interacting with Splunk search

Instance Method Summary collapse

#search(namespace, query, cookie) ⇒ Rex::Proto::Http::Response

Executes a Splunk search in the specified namespace.

Instance Method Details

#search(namespace, query, cookie) ⇒ `Rex::Proto::Http::Response`

Executes a Splunk search in the specified namespace

Parameters:

namespace (String) —

The Splunk namespace (user or app context) for the search
query (String) —

The search query to execute
cookie (String) —

Valid admin's cookie

Returns:

(Rex::Proto::Http::Response) —

HTTP response object containing the search results

# File 'lib/msf/core/exploit/remote/http/splunk/search.rb', line 11

def search(namespace, query, cookie)
  csrf = extract_csrf_token(cookie)

  res = send_request_cgi(
    'uri' => splunk_search_api_url(namespace),
    'method' => 'POST',
    'cookie' => cookie,
    'headers' => {
      'X-Splunk-Form-Key' => csrf,
      'X-Requested-With': 'XMLHttpRequest'
    },
    'vars_post' => {
      search: query
    }
  )

  unless res&.code == 201
    fail_with(Msf::Module::Failure::UnexpectedReply, "#{peer} Server did not respond with the expected HTTP 201")
  end

  res
end

Module: Msf::Exploit::Remote::HTTP::Splunk::Search

Overview

Instance Method Summary collapse

Instance Method Details

#search(namespace, query, cookie) ⇒ Rex::Proto::Http::Response

#search(namespace, query, cookie) ⇒ `Rex::Proto::Http::Response`