Posts Tagged ‘Amazon’

Open Elasticsearch nodes on Shodan

Posted: 06/01/2018 in Uncategorized

Administrators like to use Elasticsearch (What is Elasticsearch?) as a real-time search and analytics engine. However, many of them forget to secure the nodes they expose: the Elasticsearch HTTP API ships with no authentication at all, so a node reachable on TCP 9200 lets anyone read, and usually write or delete, every index.

A simple Shodan search lists nodes that answer on port 9200 with the Elastic banner, and with them the indices they hold:

https://www.shodan.io/search?query=port:"9200" product:"Elastic"

Confidential information can be read from any such node with a single unauthenticated request. A _search with no index name returns documents from every index, so this is the URL to try:

http://IP:9200/_search?pretty

Here are some basic recommendations for securing your nodes:

  • Only allow direct access from known IP addresses (source to destination). Bind the node to a private interface (network.host) rather than 0.0.0.0, and firewall TCP 9200 (HTTP) and 9300 (transport) so that only your application hosts and the other cluster members can reach them. A node should never be reachable on 9200 from the Internet.
  • Add authentication to the Elastic node (2FA all the way). Elasticsearch has no built-in authentication without the X-Pack Security module (a paid feature when this was written; it became part of the free Basic licence in 6.8 / 7.1), so either enable that or put the HTTP API behind a reverse proxy that enforces authentication and TLS.

PoC

  1. Use this filter on Shodan to find Elastic nodes: port:"9200" product:"Elastic"
  2. Check the Elastic connection: http://IP:9200 (an unauthenticated node answers with JSON giving its cluster_name, version number and the tagline "You Know, for Search"; a secured one answers 401)
  3. Run a search: http://IP:9200/_search?pretty (hits.total tells you how many documents an anonymous caller can read)

This node discloses confidential information: with the account records it returns, we can access every account.

We can then use that information to access the Elastic backend itself.
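As an added example (not the post's own tooling) of turning the three PoC steps into a repeatable check, the Python below classifies the reply to GET http://IP:9200/ and summarises what GET /_search?pretty exposes. It works on captured responses (status code and body) so it runs offline; the sample responses, the sensitive-field list and the function names are assumptions of this example, not anything taken from the node in the post.

```python
"""Triage of the two unauthenticated requests used in the PoC.

Added example, not the post's own code. Feed it the bodies returned by
GET http://IP:9200/ and GET http://IP:9200/_search?pretty (e.g. from
curl -s); the constants below are constructed samples so it runs offline.
"""
import json

ES_TAGLINE = "You Know, for Search"
# Field names that mean returned documents carry account data.
# Assumption: a starting list for triage, not an exhaustive one.
SENSITIVE_FIELDS = {"password", "passwd", "hash", "token", "secret",
                    "api_key", "ssn", "card", "email"}


def classify_root(status, body):
    """Classify the reply to GET / on port 9200.

    'open'          - Elasticsearch answered without asking for credentials
    'auth-required' - the node (or a proxy in front of it) demands auth
    'not-es'        - something else is listening on the port
    """
    if status in (401, 403):
        return "auth-required"
    if status != 200:
        return "not-es"
    try:
        info = json.loads(body)
    except ValueError:
        return "not-es"
    # An unauthenticated node identifies itself with cluster name,
    # version number and the fixed tagline.
    if (isinstance(info, dict) and "cluster_name" in info
            and "number" in info.get("version", {})
            and info.get("tagline") == ES_TAGLINE):
        return "open"
    return "not-es"


def summarize_search(body):
    """Summarize GET /_search?pretty: total hits, indices touched and any
    sensitive-looking field names in the returned _source documents.

    hits.total is an integer in Elasticsearch <= 6 and an object
    {"value": N, "relation": "eq"} from 7.x on; both are handled.
    """
    hits = json.loads(body).get("hits", {})
    total = hits.get("total", 0)
    if isinstance(total, dict):
        total = total.get("value", 0)
    indices, leaked = set(), set()
    for hit in hits.get("hits", []):
        indices.add(hit.get("_index", "?"))
        for field in hit.get("_source", {}):
            if field.lower() in SENSITIVE_FIELDS:
                leaked.add(field)
    return {"total": total, "indices": sorted(indices),
            "sensitive_fields": sorted(leaked)}


def triage(root_status, root_body, search_body=None):
    """Run both checks and return a dict suitable for an audit report."""
    state = classify_root(root_status, root_body)
    if state != "open" or search_body is None:
        return {"state": state}
    report = summarize_search(search_body)
    report["state"] = state
    return report


# Constructed sample responses (not captured from any real host).
OPEN_ROOT = json.dumps({
    "name": "node-1", "cluster_name": "elasticsearch",
    "version": {"number": "6.2.4", "lucene_version": "7.2.1"},
    "tagline": ES_TAGLINE,
})
SECURED_ROOT = json.dumps({"error": "Unauthorized"})   # served with 401
NGINX_ROOT = "<html><body>Welcome to nginx!</body></html>"

_SEARCH = {
    "took": 3, "timed_out": False,
    "hits": {
        "total": 13842,
        "hits": [
            {"_index": "users", "_id": "1",
             "_source": {"email": "a@example.com", "password": "s3cr3t"}},
            {"_index": "orders", "_id": "9",
             "_source": {"sku": "X-1", "amount": 12.5}},
        ],
    },
}
SAMPLE_SEARCH_6 = json.dumps(_SEARCH)                       # <= 6.x shape
SAMPLE_SEARCH_7 = json.dumps(dict(_SEARCH, hits=dict(      # 7.x shape
    _SEARCH["hits"], total={"value": 13842, "relation": "eq"})))

if __name__ == "__main__":
    print(triage(200, OPEN_ROOT, SAMPLE_SEARCH_6))
    print(triage(200, OPEN_ROOT, SAMPLE_SEARCH_7))
    print(triage(401, SECURED_ROOT))
    print(triage(200, NGINX_ROOT))
```

A verdict of "open" together with a non-empty sensitive_fields list is exactly the situation in this post. To size the exposure quickly, GET /_cat/indices?v lists every index with its document count, which is a lighter request than pulling documents through _search.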

After being contacted, the company secured its node.

For help securing Elasticsearch, watch the video linked below:

https://www.elastic.co/elasticon/conf/2016/sf/securing-elasticsearch

Also see the Amazon Elasticsearch Service (Amazon ES) Developer Guide, which covers the domain access policies that keep a hosted cluster from being open to the Internet in the same way.


On Friday, a group claiming affiliation with the loose hacker collective "Anonymous" released a document containing approximately 13,000 username-and-password combinations along with credit card numbers and expiration dates.

The stolen personal information was posted as a massive text document to the Internet paste site Ghostbin (since deleted).


The Daily Dot's Aaron Sankin has compiled a comprehensive list of the sites associated with the username and password leaks, and found that they run the gamut from pornography to gaming to online shopping. The list of compromised websites is as follows:
  • Amazon
  • Walmart
  • PlayStation Network
  • Xbox Live
  • Twitch.tv
  • Dell
  • Brazzers
  • DigitalPlayground
  • and others; see the complete list.

Just to be on the safe side, if you have an account with any of these sites, change your password (and anywhere else you reused it) and watch your credit card statements for suspicious charges.

Last summer, Google took its Street View cameras to the Amazon, looking to capture the same 360-degree vistas that have made the technology so useful in cities all over the world. Yesterday, the project went live. There goes the rest of your week.

You can now wander around the Amazonian jungle — exploring its rivers, forests, and even remote villages — all from your computer. Says Google:

Take a virtual boat ride down the main section of the Rio Negro, and float up into the smaller tributaries where the forest is flooded. Stroll along the paths of Tumbira, the largest community in the Reserve, or visit some of the other communities who invited us to share their lives and cultures. Enjoy a hike along an Amazon forest trail and see where Brazil nuts are harvested. You can even see a forest critter if you look hard enough!

Click through to the Amazon section of the Street View Gallery to get an idea of what’s available to explore, or start up your copy of Google Earth and get up close and personal with South America’s Amazon Basin. (Looks like you’ll need Google Earth version 6 to explore.)