5601 - Kibana
💡 学习提示: 本文档介绍 5601 - Kibana 的渗透测试方法,适合信息安全初学者和从业人员参考。
⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。
⚠️ 法律声明: 本文档仅供学习和授权测试使用。未经授权的系统测试可能违反法律法规。
5601/tcp - 渗透测试 Kibana
基本信息
Kibana is known for its ability to search and visualize data within Elasticsearch, typically running on port 5601. It serves as the interface for the Elastic Stack cluster’s monitoring, management, and security functions.
Understanding 认证
The process of authentication in Kibana is inherently linked to the credentials used in Elasticsearch. If Elasticsearch has authentication disabled, Kibana can be accessed without any credentials. Conversely, if Elasticsearch is secured with credentials, the same credentials are required to access Kibana, maintaining identical user permissions across both platforms. Credentials might be found in the /etc/kibana/kibana.yml file. If these credentials do not pertain to the kibana_system user, they may offer broader access rights, as the kibana_system user’s access is restricted to monitoring APIs and the .kibana index.
Actions Upon Access
Once access to Kibana is secured, several actions are advisable:
- Exploring data from Elasticsearch should be a priority.
- The ability to manage users, including the editing, deletion, or creation of new users, roles, or API keys, is found under Stack Management -> Users/Roles/API Keys.
- It’s important to check the installed version of Kibana for known vulnerabilities, such as the 远程代码执行 vulnerability identified in versions prior to 6.6.0 (More Info).
SSL/TLS Considerations
In instances where SSL/TLS is not enabled, the potential for leaking sensitive information should be thoroughly evaluated.s