Splunk Reverse Shell

by Vince

I've been MIA for a bit mostly because I've been preparing for, and speaking at, security conferences.  In April, I spoke at BSides Iowa and this past June, I spoke at BSides in San Antonio, Texas.  I'm still waiting to hear back from BSides Kansas City and I just got accepted to speak at Grrcon which is one of my favorite cons. I'm busy to say the least.  That being said, I'm working on a new talk which means I'll probably be blogging more.  It's counterintuitive but building a presentation is basically writing a blog post with less text.  Anyway, enough about that.  

There's a GitHub repo here:  https://github.com/TBGSecurity/splunk_shells

But basically, all you need is this:  https://github.com/TBGSecurity/splunk_shells/archive/1.2.tar.gz

We move to Apps | Upload App:

When we hit Upload, we need to restart:

Restarting takes a minute:

Next, we need to move into Apps | Permissions and give it permission for All Apps:

After saving, we can go to Search and run the command.  NOTE:  that's a pipe ( | ) at the front of the string.

If you scroll to the bottom of the GitHub page, you can see there are options for MSF and STD.  If one doesn't work, try the other.

With a handler set up, you'll catch an inbound shell.
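As an added example for the defensive side (this is not code from the original post or from the splunk_shells project): the leading pipe noted above is how a search invokes a generating command, which is exactly how a command from an uploaded app like this one gets run. The script below scans constructed audit-style search events and flags any search whose first command is not on an allowlist of built-in generating commands. The field layout of the constructed lines, the allowlist, and the placeholder command name `EXAMPLE_SHELL_COMMAND` (the post does not give the app's real command name) are all assumptions.

```python
import re
from typing import Optional

# Partial allowlist of built-in Splunk generating commands that legitimately
# follow a leading pipe. Assumption: the defender maintains and extends this.
KNOWN_GENERATING = {
    "inputlookup", "tstats", "metadata", "rest", "makeresults",
    "dbinspect", "savedsearch", "datamodel", "loadjob", "search",
}

# Extract the search='...' and user= fields from an _audit-style event line.
SEARCH_RE = re.compile(r"search='(?P<search>(?:[^']|\\')*)'")
USER_RE = re.compile(r"\buser=(?P<user>[^,\s\]]+)")

def leading_command(spl: str) -> Optional[str]:
    """Return the first command of a search that starts with a pipe, else None."""
    s = spl.strip()
    if not s.startswith("|"):
        return None
    m = re.match(r"\|\s*([A-Za-z_]\w*)", s)
    return m.group(1).lower() if m else None

def flag_custom_generating(line: str) -> Optional[dict]:
    """Flag a search event whose first command is outside the allowlist."""
    if "action=search" not in line:
        return None
    m = SEARCH_RE.search(line)
    if not m:
        return None
    cmd = leading_command(m.group("search"))
    if cmd is None or cmd in KNOWN_GENERATING:
        return None
    u = USER_RE.search(line)
    return {"user": u.group("user") if u else "?", "command": cmd, "search": m.group("search")}

def scan(lines):
    """Run the check over a list of audit lines and return the hits."""
    return [hit for hit in (flag_custom_generating(l) for l in lines) if hit]

# Constructed sample lines approximating the shape of Splunk _audit search events.
# Assumption: real events carry more fields; only user=, action= and search= are used.
SAMPLE_AUDIT = [
    "Audit:[timestamp=06-20-2019 10:01:12.000, user=analyst1, action=search, info=granted , search='index=web status=500 | stats count by uri']",
    "Audit:[timestamp=06-20-2019 10:02:30.000, user=analyst1, action=search, info=granted , search='| inputlookup hosts.csv | search owner=*']",
    "Audit:[timestamp=06-20-2019 10:03:44.000, user=admin, action=search, info=granted , search='| EXAMPLE_SHELL_COMMAND std']",  # placeholder command name
    "Audit:[timestamp=06-20-2019 10:04:10.000, user=admin, action=login, info=succeeded]",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_AUDIT):
        print(f"ALERT user={hit['user']} custom generating command '{hit['command']}': {hit['search']}")
```

In a live deployment the same allowlist check belongs in a scheduled search over the _audit index, next to alerts on app uploads, restarts and permission changes like the steps walked through above; tune the allowlist to the generating commands your users actually run.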