nuclei-templates/javascript/udp/detection/db2-discover.yaml

59 lines
1.6 KiB
YAML
Raw Permalink Normal View History

2024-08-01 09:02:24 +00:00
id: db2-discover
info:
name: Broadcast DB2 Discover
author: pussycat0x
severity: info
description: |
Attempts to discover DB2 servers on the network by sending a broadcast request to port 523/udp.
reference:
- https://nmap.org/nsedoc/scripts/broadcast-db2-discover.html
metadata:
shodan-query: port:523
2024-08-02 12:17:30 +00:00
verified: true
max-request: 1
2024-08-01 09:02:24 +00:00
tags: ibm,network,js,udp
javascript:
- pre-condition: |
isUDPPortOpen(Host,Port);
code: |
let packet = bytes.NewBuffer();
const c = require("nuclei/net");
const cmd = "DB2GETADDR\0SQL09010\0"
packet.WriteString(cmd)
let conn = c.Open('udp', `${Host}:${Port}`);
conn.SendHex(packet.Hex());
const result = conn.RecvString()
const cleanedString = result.replace(/\x00/g, '');
let combinedResult;
if (cleanedString.includes("DB2RETADDRSQL")) {
const regex = /^DB2RETADDRSQL(\d{2})(\d{2})(\d{1})(.*)$/;
const matches = cleanedString.match(regex);
const formattedNumber = matches ? `${matches[1]}.${matches[2]}.${matches[3]}` : '';
const hostname = matches ? matches[4] : '';
combinedResult = `Db2 Version: ${formattedNumber}, Hostname: ${hostname}`;
} else {
conn.Close();
}
combinedResult;
args:
Host: "{{Host}}"
Port: 523
matchers:
- type: dsl
dsl:
- "success == true"
extractors:
- type: dsl
dsl:
- response
# digest: 490a0046304402200677d57a1569d0d0f52dcb633bc9a8e23baf606b9f8cbcd3a94599d1a42cfd0f022075363935f37f232d23b9ca4ea75ae9caad443a19f2f3f430180e3d9ca1531073:922c64590222798bb761d5b6d8e72950