Notes from the Devoops talk on Elastic Search
Elasticsearch provides a distributed, multitenant-capable full-text search engine with a RESTful web interface and schema-free JSON documents.
GET request to port 9200 will show version
No Authentication (initially)
Can search stored data via HTTP API
Update data with PUT request
Join an open cluster and receive all data
RCE prior to 1.2.0 (CVE-2014-3120)
RCE prior to 1.5.0* (CVE-2015-1427)
exploit/multi/elasticsearch/script_mvel_rce
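Added example (not from the talk or the Elasticsearch project): a small defender-side audit script that does what the notes describe in one place: sends an unauthenticated GET to port 9200, reads the "version" object out of the JSON reply, and reports whether the node answered without credentials and which of the two CVEs listed above apply to the observed version. The version thresholds are taken exactly from the notes (prior to 1.2.0 for CVE-2014-3120, prior to 1.5.0 for CVE-2015-1427, asterisk included); the function names, the sample reply and the hostname are assumptions of this example.

```python
import json
import urllib.error
import urllib.request
from typing import Dict, List, Tuple

# Thresholds as stated in the talk notes: RCE prior to 1.2.0 (CVE-2014-3120),
# RCE prior to 1.5.0* (CVE-2015-1427). A version below the threshold is flagged.
VERSION_THRESHOLDS = [
    ((1, 2, 0), "CVE-2014-3120"),
    ((1, 5, 0), "CVE-2015-1427"),
]


def parse_version(number: str) -> Tuple[int, ...]:
    """Turn '1.2.4' into (1, 2, 4); a non-numeric suffix such as '-beta1' is dropped."""
    parts = []
    for piece in number.split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def affected_cves(version: Tuple[int, ...]) -> List[str]:
    """CVEs from the notes whose 'prior to' threshold is above the observed version."""
    return [cve for threshold, cve in VERSION_THRESHOLDS if version < threshold]


def assess_response(status: int, body: str) -> Dict[str, object]:
    """Classify the reply to an unauthenticated GET / on port 9200.

    HTTP 200 with a parseable "version" object means the node answered without
    credentials, which is the 'No Authentication' finding from the notes.
    """
    result: Dict[str, object] = {"unauthenticated": False, "version": None, "cves": []}
    if status != 200:
        return result
    try:
        number = json.loads(body)["version"]["number"]
    except (ValueError, KeyError, TypeError):
        return result
    result["unauthenticated"] = True
    result["version"] = number
    result["cves"] = affected_cves(parse_version(number))
    return result


def fetch_root(host: str, port: int = 9200, timeout: float = 3.0) -> Tuple[int, str]:
    """GET http://host:port/ with no credentials; returns (status, body). Network call."""
    url = f"http://{host}:{port}/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, ""


if __name__ == "__main__":
    # Constructed sample reply, shaped like the version fragment in the notes.
    sample = '{"status": 200, "name": "node-1", "version": {"number": "1.2.4"}}'
    print(assess_response(200, sample))
    # Against a real host in your own inventory (hostname is a placeholder):
    # status, body = fetch_root("es-node.internal.example")
    # print(assess_response(status, body))
```

Run it against your own inventory of hosts listening on 9200; any result with "unauthenticated": True is a node that should be segmented or put behind authentication per the solutions below, regardless of whether a CVE is listed.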
Excerpt of the version object returned by the GET request to port 9200:

    "version" : {
    "number" : "1.2.4"
Elasticsearch solutions:
Apply authentication if possible
Segment elasticsearch from Corp (and the public in general)
Be aware of the data you put in elasticsearch
--> anyone can search it
Logs Logs Logs
osquery