# Elasticsearch Pentesting

It is a search engine based on the Lucene library. Default ports are 9200, 9300.

### Default Credentials <a href="#default-credentials" id="default-credentials"></a>

```
admin:elasticadmin
elastic:changeme
```

### Brute Force Credentials <a href="#brute-force-credentials" id="brute-force-credentials"></a>

Crack the "Authorization" header in the web page.

```
hydra -L usernames.txt -P passwords.txt <target-ip> -s 9200 http-get /
```

### Common Directories <a href="#common-directories" id="common-directories"></a>

```
/_cat/
/_cat/indices
/_cluster/
/_nodes/
/_remote/
/_security
/_search?q=username
/_search?q=password
/_security/role
/_security/user
/_xpack/security/user/
```