Updated and added Dell iDRAC files

patch-1
Kophjager007 2021-02-26 12:49:21 -06:00
parent 1ba9f0d33d
commit 2a0d868ce8
7 changed files with 132 additions and 20 deletions


@ -1,6 +1,6 @@
id: dell-idrac-default-login
info:
name: Dll iDRAC Default login
name: Dell iDRAC6/7/8 Default login
author: kophjager007
severity: high
tags: dell,idrac,dlogin
@ -24,4 +24,4 @@ requests:
- type: word
words:
- <authResult>0</authResult>
- <authResult>0</authResult>


@ -0,0 +1,30 @@
id: dell-idrac9-default-login
info:
name: Dell iDRAC9 Default login
author: kophjager007
severity: high
tags: dell,idrac,dlogin
requests:
- method: POST
cookie-reuse: true
path:
- "{{BaseURL}}/sysmgmt/2015/bmc/session"
body: " user=root&password=calvin"
headers:
Host: "{{Hostname}}"
Accept: "application/json, text/plain, */*"
user: "root"
password: "calvin"
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Referer: "{{BaseURL}}/login.html"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- '"authResult":0'
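Review bot: The new `body:` value begins with a space (`" user=root&password=calvin"`), so the first form field is named ` user` rather than `user`; unless the endpoint ignores the body entirely, it should read `body: "user=root&password=calvin"`. The same credentials are also sent as `user` and `password` headers, and YAML strips the double quotes there, so the server receives `root`, not `"root"`; if the iDRAC9 session endpoint expects the quotes as part of the header value (worth confirming against a known-good login), the lines would need to be `user: '"root"'` and `password: '"calvin"'`. Either mistake shows up as a false negative, meaning a controller still on factory credentials is reported clean. The `info` block also has no `description`; one sentence saying that a match means the factory account is still enabled, and that the fix is to change the password and restrict access to the management interface, would help whoever triages the finding.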


@ -0,0 +1,29 @@
id: dell-idrac6-detect
info:
name: Detect Dell iDRAC6
author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info
requests:
- method: GET
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
path:
- "{{BaseURL}}/data?get=prodServerGen"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "11G"
extractors:
- type: regex
part: body
regex:
- '[0-9]{2}G'
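Review bot: The word matcher `- "11G"` is a bare substring test, so any 200 response on this path whose body happens to contain `11G` is labelled iDRAC6. If the endpoint returns the value wrapped in a `prodServerGen` element (not visible on this page, so confirm against a real response), matching `- "<prodServerGen>11G"` would be much tighter. The iDRAC7 and iDRAC8 templates added in this commit are identical apart from `12G` and `13G` and carry the same weakness. Since all three send the same request and already extract `[0-9]{2}G`, a single template that reports the extracted generation would avoid three requests per host. The shared `description` is generic product text; it could instead state which server generation each template maps to which iDRAC version.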


@ -0,0 +1,29 @@
id: dell-idrac7-detect
info:
name: Detect Dell iDRAC7
author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info
requests:
- method: GET
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
path:
- "{{BaseURL}}/data?get=prodServerGen"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "12G"
extractors:
- type: regex
part: body
regex:
- '[0-9]{2}G'


@ -0,0 +1,29 @@
id: dell-idrac8-detect
info:
name: Detect Dell iDRAC8
author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info
requests:
- method: GET
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
path:
- "{{BaseURL}}/data?get=prodServerGen"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "13G"
extractors:
- type: regex
part: body
regex:
- '[0-9]{2}G'


@ -1,6 +1,6 @@
id: dell-idrac-detect
id: dell-idrac9-detect
info:
name: Detect Dell iDRAC
name: Detect Dell iDRAC9
author: kophjager007
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
severity: info
@ -10,9 +10,8 @@ requests:
headers:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
path:
- "{{BaseURL}}/restgui/start.html"
- "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9)
- "{{BaseURL}}/login.html"
# iDRAC9 has a different endpoint than 8 and below.
matchers-condition: and
matchers:
@ -20,25 +19,18 @@ requests:
status:
- 200
- type: word
part: body
part: all
words:
- "Dell Integrated Remote Access Controller "
- "Integrated Dell Remote Access Controller"
- "iDRAC"
- "PowerEdge"
- "14G"
extractors:
- type: regex
part: header
regex:
- iDRAC/[0-9]{1,2}
- type: regex
part: body
regex:
- iDRAC[0-9]{1,2}
- '[0-9]{2}G'
- type: regex
part: body
name: fwver
group: 1
regex:
- '"FwVer" *: *"([^"]+)"'
- '"FwVer" *: *"([^"]+)"'
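Review bot: The word matcher in the last hunk appears to keep generic strings (`"iDRAC"`, `"PowerEdge"`) in the same list as the new `"14G"`, although this rendering has lost the +/- markers and does not show which words survive. As far as I know, a nuclei word matcher defaults to OR across its words, so with the generic strings present and `part: all`, a template now named `dell-idrac9-detect` would fire on any iDRAC generation that answers 200 and mentions the product name. Either reduce the list to the generation marker or add `condition: and` to that matcher. The commit also renames the `id`, so anything that selects this template by its old id or path needs updating in the same change.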


@ -6,6 +6,9 @@ info:
tags: workflow
workflows:
- template: technologies/dell-idrac-detect.yaml
subtemplates:
- template: default-logins/dell/dell-idrac-default-login.yaml
- template: technologies/dell/dell-idrac6-detect.yaml
- template: technologies/dell/dell-idrac7-detect.yaml
- template: technologies/dell/dell-idrac8-detect.yaml
- template: default-logins/dell/dell-idrac-default-login.yaml
- template: technologies/dell/dell-idrac9-detect.yaml
- template: default-logins/dell/dell-idrac9-default-login.yaml
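Review bot: Each default-login template should sit under `subtemplates:` of the detection template for its own generation, and this rendering does not show that it does, because indentation and +/- markers are lost. If the new entries are a flat list, both login checks run against every target regardless of what was detected. That sends credential attempts to hosts that are not iDRACs and risks tripping lockout on controllers of the other generation. The intended shape is `dell-idrac9-detect.yaml` gating `dell-idrac9-default-login.yaml`, and the 6/7/8 detectors gating `dell-idrac-default-login.yaml`. It is also worth checking that no entry still points at `technologies/dell-idrac-detect.yaml` if that file was moved or renamed by this commit.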