DEV Community: Maheshwaran M

Meilisearch

Maheshwaran M — Wed, 27 Jul 2022 17:04:33 +0000

Features
Search-as-you-type experience (answers < 50 milliseconds)
Full-text search
Typo tolerant (understands typos and misspelling)
Faceted search and filters
Supports hanzi (Chinese characters)
Supports synonyms
Easy to install, deploy, and maintain
Whole documents are returned
Highly customizable
RESTful API

Getting started
Deploy the Server
Homebrew (Mac OS)
brew update && brew install meilisearch
meilisearch
Docker
docker run -p 7700:7700 -v "$(pwd)/meili_data:/meili_data" getmeili/meilisearch
Announcing a cloud-hosted Meilisearch
Join the closed beta by filling out this form.

Try Meilisearch in our Sandbox
Create a Meilisearch instance in Meilisearch Sandbox. This instance is free, and will be active for 48 hours.

Run on Digital Ocean
DigitalOcean Marketplace

Deploy on Platform.sh
Deploy on Platform.sh
APT (Debian & Ubuntu)
echo "deb [trusted=yes] https://apt.fury.io/meilisearch/ /" > /etc/apt/sources.list.d/fury.list
apt update && apt install meilisearch-http
meilisearch
Download the binary (Linux & Mac OS)
curl -L https://install.meilisearch.com | sh
./meilisearch
Compile and run it from sources
If you have the latest stable Rust toolchain installed on your local system, clone the repository and change it to your working directory.

git clone https://github.com/meilisearch/meilisearch.git
cd meilisearch
cargo run --release
Create an Index and Upload Some Documents
Let's create an index! If you need a sample dataset, use this movie database. You can also find it in the datasets/ directory.

curl -L https://docs.meilisearch.com/movies.json -o movies.json
Now, you're ready to index some data.

curl -i -X POST 'http://127.0.0.1:7700/indexes/movies/documents' \
--header 'content-type: application/json' \
--data-binary @movies.json
Search for Documents
In command line
The search engine is now aware of your documents and can serve those via an HTTP server.

The jq command-line tool can greatly help you read the server responses.

curl 'http://127.0.0.1:7700/indexes/movies/search?q=botman+robin&limit=2' | jq
{
"hits": [
{
"id": "415",
"title": "Batman & Robin",
"poster": "https://image.tmdb.org/t/p/w1280/79AYCcxw3kSKbhGpx1LiqaCAbwo.jpg",
"overview": "Along with crime-fighting partner Robin and new recruit Batgirl, Batman battles the dual threat of frosty genius Mr. Freeze and homicidal horticulturalist Poison Ivy. Freeze plans to put Gotham City on ice, while Ivy tries to drive a wedge between the dynamic duo.",
"release_date": 866768400
},
{
"id": "411736",
"title": "Batman: Return of the Caped Crusaders",
"poster":

"https://image.tmdb.org/t/p/w1280/GW3IyMW5Xgl0cgCN8wu96IlNpD.jpg",
"overview": "Adam West and Burt Ward returns to their iconic roles of Batman and Robin. Featuring the voices of Adam West, Burt Ward, and Julie Newmar, the film sees the superheroes going up against classic villains like The Joker, The Riddler, The Penguin and Catwoman, both in Gotham City… and in space.",
"release_date": 1475888400
}
],
"nbHits": 8,
"exhaustiveNbHits": false,
"query": "botman robin",
"limit": 2,
"offset": 0,
"processingTimeMs": 2
}
Use the Web Interface
We also deliver an out-of-the-box web interface in which you can test Meilisearch interactively.

You can access the web interface in your web browser at the root of the server. The default URL is http://127.0.0.1:7700. All you need to do is open your web browser and enter Meilisearch’s address to visit it. This will lead you to a web page with a search bar that will allow you to search in the selected index.

| See the gif above

Documentation
Now that your Meilisearch server is up and running, you can learn more about how to tune your search engine in the documentation.

Contributing
Hey! We're glad you're thinking about contributing to Meilisearch! Feel free to pick an issue labeled as good first issue, and to ask any question you need. Some points might not be clear and we are available to help you!

Also, we recommend following the CONTRIBUTING to create your PR.``

Metasploit from Exploit-DB

Maheshwaran M — Wed, 27 Jul 2022 16:59:40 +0000

All this time you were just using mainstream exploits which were famous but old. They worked well, but only with old unpatched operating systems, not the updated ones. Now it's time to move on to the next step. Our poor experience against Windows 8 and Java 7u60 left us shattered, and we realized that fully patched and updated machines with strong antivirus and firewall can be pretty hard to break into. Now we will move into the world of real pentesting, and the first step would be introduction to exploit-db.

Exploit-db
As usual, a few official words from the developers before I express my personal views.

The Exploit Database is the ultimate archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away. (offensive security)
Some more
The Exploit Database is a CVE-Compatible Database and (where applicable) CVE numbers are assigned to the individual exploit entries in the database. The public database archive does not contain the mapped CVE numbers, but we make them available to our partnering organizations, making links to The Exploit Database entries available within their products.
As many exploit developers lament, it is frequently more difficult to locate a vulnerable application than it is to take a public proof of concept and change it into a working exploit. For this reason, The Exploit Database also hosts the vulnerable application versions whenever possible.
In addition, the team of volunteers that maintain the site also make every effort to verify the submitted exploits and a visual indicator is provided whether or not a successful verification was performed. (Offensive Security)

Now, what exploit db really is, is nothing more than a database where the pentestors who write an exploit for a vulnerability upload the source code of the exploit of other pentestors too see. It is maintained by Offensive Security (the force behind Backtrack, Kali, Metasploit Unleashed). The exploit-db.com site itself is pretty easy to navigate, and you can find all sorts of exploits there. Just finding an exploit, however, is not enough, as you need to add it to Metasploit in order to use it.

Get the exploit
For examples sake, we'll use the adobe shader exploit from http://www.exploit-db.com/exploits/33333/ Click on the Save icon to download the exploit. Save it on you Kali Desktop

Add new exploits to Metasploit from Exploit-db
By Shashwat June 09, 2014 cli, command line, denial of service, exploit, exploit-db, hacking, linux, metasploit, Penetration Testing Tutorials, tutorial
Disclaimer - TLDR; some stuff here can be used to carry out illegal activity, our intention is, however, to educate
All this time you were just using mainstream exploits which were famous but old. They worked well, but only with old unpatched operating systems, not the updated ones. Now it's time to move on to the next step. Our poor experience against Windows 8 and Java 7u60 left us shattered, and we realized that fully patched and updated machines with strong antivirus and firewall can be pretty hard to break into. Now we will move into the world of real pentesting, and the first step would be introduction to exploit-db.

(If you don't want the theory and just want to know how to use the exploits, keep scrolling till you see bold text, some of which is in red and/or blue. Just keep using those commands and you'll be done or click here to skip to that part)

Exploit-db
As usual, a few official words from the developers before I express my personal views.

Adobe Flash Player Shader Buffer Overflow

This module exploits a buffer overflow vulnerability in Adobe Flash Player. The vulnerability occurs in the flash.Display.Shader class, when setting specially crafted data as its bytecode, as exploited in the wild in April 2014. This module has been tested successfully on IE 6 to IE 11 with Flash 11, Flash 12 and Flash 13 over Windows XP SP3, Windows 7 SP1 and Windows 8. (rapid7)
Now the site suggest that the exploit can be found here.
exploit/windows/browser/adobe_flash_pixel_bender_bof
But using the command
use exploit/windows/browser/adobe_flash_pixel_bender_bof
shows that the exploit is not in Metasploit yet (chances are good it's there if you update metasploit regularly or if you are reading this tutorial a long time after it was written. Either ways, the method will not differ even if the exploit is already there, so don't worry. Also you can use a different exploit as per your liking, and just replace the name wherever you see it being used in commands)

Now, there are two alternates. First, update the metasploit framework using

msfupdate
This will update the framework with new modules.

The second alternate the to download the exploit from exploit-db, then put it in the ~/.msf4/modules/exploit/ directory. Any exploit put here will be detected my Metasploit when it starts. It will show up when you type use /exploit/your_folder/exploit_name. An important point here is while the <your_folder is arbitrary and can be set to any value, it is recommended to use a proper directory structure. For example, this exploit should be placed in ~/.msf4/modules/exploit/windows/browser/ directory .Also, it is mandatory to place exploits in a subdirectory of ~/.msf4/modules/exploit/ or you won't be able to use it. For newbies in Linux, here is a detailed step by step guide.

Get the exploit
For examples sake, we'll use the adobe shader exploit from http://www.exploit-db.com/exploits/33333/ Click on the Save icon to download the exploit. Save it on you Kali Desktop.

.msf4 directory method
Now if you are not well versed with linux, you will need help with creating the directory and placing files there. Although I'm guiding you how to do it, you should be proficient in linux usage and should be able to do the basic stuff like this atleast. So, you can either use the command to line create the directories or do it using the GUI.
Command line method
First, say hi to mkdir
mkdir --help
Usage: mkdir [OPTION]... DIRECTORY...
Create the DIRECTORY(ies), if they do not already exist.

Mandatory arguments to long options are mandatory for short options too.
-m, --mode=MODE set file mode (as in chmod), not a=rwx - umask
-p, --parents no error if existing, make parent directories as needed
-v, --verbose print a message for each created directory
-Z, --context=CTX set the SELinux security context of each created
directory to CTX
--help display this help and exit
--version output version information and exit

First we'll move to the already existent directory using (you need to be in root directory for this to work. Type just cd if unsure, it will automatically take you to root directory)root@kali:~# cd .msf4/modules/

To see what the directory has, execute ls. It will return nothing as the directory is empty.
root@kali:~/.msf4/modules# ls
Now we'll use mkdir to create what we need.
root@kali:~/.msf4/modules# mkdir exploits
root@kali:~/.msf4/modules# cd exploits
root@kali:~/.msf4/modules/exploits# mkdir windows

root@kali:~/.msf4/modules/exploits# cd windows
root@kali:~/.msf4/modules/exploits/windows# mkdir browser
root@kali:~/.msf4/modules/exploits/windows# cp

If you read the mkdir help thing, you might have noticed the -p option. It makes everything much easier. Everything above can be achieved with something as simple as
root@kali:~# mkdir -p ~/.msf4/modules/exploits/windows/browser

Now meet cp
root@kali:~/.msf4/modules/exploits/windows# cp --help
Usage: cp [OPTION]... [-T] SOURCE DEST
or: cp [OPTION]... SOURCE... DIRECTORY
or: cp [OPTION]... -t DIRECTORY SOURCE...
Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.
Assume you have adobe_flash_pixel_bender_bof.rb file on your desktop. Then use the following commands.
root@kali:~/Desktop# cp adobe_flash_pixel_bender_bof.rb ~/.msf4/modules/exploits/windows

root@kali:~# ls
Desktop app.apk
root@kali:~# cd Desktop
root@kali:~/Desktop# cp adobe_flash_pixel_bender_bof.rb ~/.msf4/modules/exploits/windows/browser
Now check for yourself
root@kali:~# cd ~/.msf4/modules/exploits/windows/browser
root@kali:~/.msf4/modules/exploits/windows/browser# ls
adobe_flash_pixel_bender_bof.rb