Updated and added Dell iDRAC files
parent
1ba9f0d33d
commit
2a0d868ce8
|
@ -1,6 +1,6 @@
|
|||
id: dell-idrac-default-login
|
||||
info:
|
||||
name: Dll iDRAC Default login
|
||||
name: Dell iDRAC6/7/8 Default login
|
||||
author: kophjager007
|
||||
severity: high
|
||||
tags: dell,idrac,dlogin
|
||||
|
@ -24,4 +24,4 @@ requests:
|
|||
|
||||
- type: word
|
||||
words:
|
||||
- <authResult>0</authResult>
|
||||
- <authResult>0</authResult>
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
id: dell-idrac9-default-login
|
||||
info:
|
||||
name: Dell iDRAC9 Default login
|
||||
author: kophjager007
|
||||
severity: high
|
||||
tags: dell,idrac,dlogin
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
cookie-reuse: true
|
||||
path:
|
||||
- "{{BaseURL}}/sysmgmt/2015/bmc/session"
|
||||
body: " user=root&password=calvin"
|
||||
headers:
|
||||
Host: "{{Hostname}}"
|
||||
Accept: "application/json, text/plain, */*"
|
||||
user: "root"
|
||||
password: "calvin"
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
|
||||
Referer: "{{BaseURL}}/login.html"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"authResult":0'
|
|
@ -0,0 +1,29 @@
|
|||
id: dell-idrac6-detect
|
||||
info:
|
||||
name: Detect Dell iDRAC6
|
||||
author: kophjager007
|
||||
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
headers:
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
|
||||
path:
|
||||
- "{{BaseURL}}/data?get=prodServerGen"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "11G"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '[0-9]{2}G'
|
|
@ -0,0 +1,29 @@
|
|||
id: dell-idrac7-detect
|
||||
info:
|
||||
name: Detect Dell iDRAC7
|
||||
author: kophjager007
|
||||
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
headers:
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
|
||||
path:
|
||||
- "{{BaseURL}}/data?get=prodServerGen"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "12G"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '[0-9]{2}G'
|
|
@ -0,0 +1,29 @@
|
|||
id: dell-idrac8-detect
|
||||
info:
|
||||
name: Detect Dell iDRAC8
|
||||
author: kophjager007
|
||||
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
||||
severity: info
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
headers:
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
|
||||
path:
|
||||
- "{{BaseURL}}/data?get=prodServerGen"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "13G"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- '[0-9]{2}G'
|
|
@ -1,6 +1,6 @@
|
|||
id: dell-idrac-detect
|
||||
id: dell-idrac9-detect
|
||||
info:
|
||||
name: Detect Dell iDRAC
|
||||
name: Detect Dell iDRAC9
|
||||
author: kophjager007
|
||||
description: The Integrated Dell Remote Access Controller (iDRAC) is designed for secure local and remote server management and helps IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
|
||||
severity: info
|
||||
|
@ -10,9 +10,8 @@ requests:
|
|||
headers:
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
|
||||
path:
|
||||
- "{{BaseURL}}/restgui/start.html"
|
||||
- "{{BaseURL}}/sysmgmt/2015/bmc/info" # Firmware Version and other info (iDRAC9)
|
||||
- "{{BaseURL}}/login.html"
|
||||
# iDRAC9 has a different endpoint than 8 and below.
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
@ -20,25 +19,18 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
- type: word
|
||||
part: body
|
||||
part: all
|
||||
words:
|
||||
- "Dell Integrated Remote Access Controller "
|
||||
- "Integrated Dell Remote Access Controller"
|
||||
- "iDRAC"
|
||||
- "PowerEdge"
|
||||
- "14G"
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: header
|
||||
regex:
|
||||
- iDRAC/[0-9]{1,2}
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- iDRAC[0-9]{1,2}
|
||||
- '[0-9]{2}G'
|
||||
- type: regex
|
||||
part: body
|
||||
name: fwver
|
||||
group: 1
|
||||
regex:
|
||||
- '"FwVer" *: *"([^"]+)"'
|
||||
- '"FwVer" *: *"([^"]+)"'
|
|
@ -6,6 +6,9 @@ info:
|
|||
tags: workflow
|
||||
|
||||
workflows:
|
||||
- template: technologies/dell-idrac-detect.yaml
|
||||
subtemplates:
|
||||
- template: default-logins/dell/dell-idrac-default-login.yaml
|
||||
- template: technologies/dell/dell-idrac6-detect.yaml
|
||||
- template: technologies/dell/dell-idrac7-detect.yaml
|
||||
- template: technologies/dell/dell-idrac8-detect.yaml
|
||||
- template: default-logins/dell/dell-idrac-default-login.yaml
|
||||
- template: technologies/dell/dell-idrac9-detect.yaml
|
||||
- template: default-logins/dell/dell-idrac9-default-login.yaml
|
||||
|
|
Loading…
Reference in New Issue