search

nixawk / pentest-wiki

PENTEST-WIKI is a free online security knowledge library for pentesters / researchers. If you have a good idea, please share it with others.
MIT License
3.37k stars 915 forks source link

[bruteforce] Splunk login #25

Open nixawk opened 6 years ago

nixawk commented 6 years ago 
#!/usr/bin/python
# -*- coding: utf-8 -*-

# pip2 install --user splunk-sdk

import splunklib.binding as binding
import logging

logging.basicConfig(level=logging.INFO)
log = logging.getLogger(__file__)

def splunk_login(host, port, username, password):
    """Login Splunk based on API.
    """
    login_status = False
    try:
        service = binding.connect(
            host=host, port=port,
            username=username, password=password)

        login_status = True
        log.info("Attempting %s:%d - Login successfully" % (host, port))

    except binding.AuthenticationError as e:
        log.info("Attempting %s:%d - %s" % (host, port, e.message))

    return login_status

if __name__ == '__main__':

    host = "splunklab.example.com"
    port = 8089
    username = "username"
    password = "password"

    splunk_login(host, port, username, password)

"""
$ python2 splunk_login.py
INFO:splunk_login.py:Attempting splunklab.example.com:8089 - Login failed.

$ python2 splunk_login.py
INFO:splunk_login.py:Attempting splunklab.example.com:8089 - Login successfully

"""
nixawk commented 6 years ago 
$ nmap -Pn -n -sV -p8089 192.168.1.95

Starting Nmap 7.00 ( https://nmap.org ) at 2018-03-08 04:00 EST
Nmap scan report for 192.168.1.95
Host is up (0.0059s latency).
PORT     STATE SERVICE  VERSION
8089/tcp open  ssl/http Splunkd httpd

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 30.41 seconds