From 97838f833cd1217613df33ebe05bf720305d8026 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Sun, 7 Nov 2021 18:20:58 +0530
Subject: [PATCH 1/4] Add files via upload
---
.../pentaho-default-credential.yaml | 32 +++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 default-logins/pentaho-default-credential.yaml
diff --git a/default-logins/pentaho-default-credential.yaml b/default-logins/pentaho-default-credential.yaml
new file mode 100644
index 0000000000..6a556d655e
--- /dev/null
+++ b/default-logins/pentaho-default-credential.yaml
@@ -0,0 +1,32 @@
+id: pentaho-default-login
+
+info:
+ name: Pentaho Default Credential
+ author: pussycat0x
+ severity: high
+ metadata:
+ shodan-query: 'pentaho'
+ tags: pentaho,default-login
+requests:
+ - raw:
+ - |
+ POST /pentaho/j_spring_security_check HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+ j_username={{user}}&j_password={{pass}}
+ attack: pitchfork
+ payloads:
+ user:
+ - admin
+ pass:
+ - password
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: header
+ words:
+ - 'pentaho/Home'
+ - type: status
+ status:
+ - 302
\ No newline at end of file
From 9cee096541896ff895561742930015b8c6ed85b8 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Sun, 7 Nov 2021 19:52:45 +0530
Subject: [PATCH 2/4] Update pentaho-default-credential.yaml
---
default-logins/pentaho-default-credential.yaml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/default-logins/pentaho-default-credential.yaml b/default-logins/pentaho-default-credential.yaml
index 6a556d655e..2983f79fb9 100644
--- a/default-logins/pentaho-default-credential.yaml
+++ b/default-logins/pentaho-default-credential.yaml
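Review bot: The `info` block of the new pentaho-default-credential.yaml (PATCH 1/4) has no `description`, `reference` or `remediation`, so a finding gives the person triaging it only the template name and a severity. I would add `description: Pentaho accepts the default admin/password login.` and a `remediation:` line telling the owner to change or disable the default account. The request path `/pentaho/j_spring_security_check` also assumes the default context path, so an instance deployed under another path is never tested; that limit is worth stating in the description so a clean result is not read as proof the default password was changed.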
@@ -13,7 +13,6 @@ requests: POST /pentaho/j_spring_security_check HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - j_username={{user}}&j_password={{pass}} attack: pitchfork payloads: @@ -29,4 +28,4 @@ requests: - 'pentaho/Home' - type: status status: - - 302 \ No newline at end of file + - 302 From d2bff18167102e843d541987fef68501a808d061 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Sun, 7 Nov 2021 19:53:38 +0530 Subject: [PATCH 3/4] Add files via upload --- network/samba-detect.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 network/samba-detect.yaml diff --git a/network/samba-detect.yaml b/network/samba-detect.yaml new file mode 100644 index 0000000000..76a3baaf40 --- /dev/null +++ b/network/samba-detect.yaml @@ -0,0 +1,17 @@ +id: samba-detection +info: + name: samba detection + author: pussycat0x + severity: info + tags: network,smb, samba +network: + - inputs: + - data: 000000a4ff534d4272000000000801400000000000000000000000000000400600000100008100025043204e4554574f524b2050524f4752414d20312e3000024d4943524f534f4654204e4554574f524b5320312e303300024d4943524f534f4654204e4554574f524b5320332e3000024c414e4d414e312e3000024c4d312e3258303032000253616d626100024e54204c414e4d414e20312e3000024e54204c4d20302e313200 + type: hex + host: + - "{{Hostname}}" + - "{{Hostname}}:139" + matchers: + - type: word + words: + - "SMBr" \ No newline at end of file From e40f8fcfc367743c653681bcb555ce82d8fbf77b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 8 Nov 2021 12:19:04 +0530 Subject: [PATCH 4/4] Update and rename default-logins/pentaho-default-credential.yaml to default-logins/pentaho/pentaho-default-login.yaml --- .../pentaho-default-login.yaml} | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) rename default-logins/{pentaho-default-credential.yaml => pentaho/pentaho-default-login.yaml} (79%) 
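Review bot: The first hunk of PATCH 2/4 deletes the empty line between the `Content-Type` header and `j_username={{user}}&j_password={{pass}}`, and that line is the separator between the HTTP headers and the body. Going by the hunk counts (7 old lines, 6 new) no other blank line remains at that position. Without it the credentials line is likely to be parsed as a malformed header and the POST goes out with no body, so the template would stay silent even on an instance that still has the default password. PATCH 4/4 adds an empty line after the body rather than before it, so the separator should be restored ahead of `j_username=...`. The raw request block starts above this hunk.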
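Review bot: The only matcher in network/samba-detect.yaml (PATCH 3/4), `SMBr`, is the SMB1 header magic plus the negotiate command byte, the same bytes the probe itself sends (`ff534d4272`), so it should fire on any service that answers an SMB1 negotiate, not only Samba. Either rename the template to an SMB1 detection or add a second matcher on a part of the response that is specific to Samba; otherwise an asset inventory built from this result will mislabel other SMB1 implementations. The `tags` value has a stray space and should read `tags: network,smb,samba`. A `description` stating that a match means SMB1 is reachable on the probed port would help triage, since SMB1 exposure is the fact a defender acts on.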
diff --git a/default-logins/pentaho-default-credential.yaml b/default-logins/pentaho/pentaho-default-login.yaml similarity index 79% rename from default-logins/pentaho-default-credential.yaml rename to default-logins/pentaho/pentaho-default-login.yaml index 2983f79fb9..522b3bf9bd 100644 --- a/default-logins/pentaho-default-credential.yaml +++ b/default-logins/pentaho/pentaho-default-login.yaml @@ -1,12 +1,13 @@ id: pentaho-default-login info: - name: Pentaho Default Credential + name: Pentaho Default Login author: pussycat0x severity: high metadata: shodan-query: 'pentaho' - tags: pentaho,default-login + tags: pentaho,default-login,panel + requests: - raw: - | @@ -14,18 +15,23 @@ requests: Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded; charset=UTF-8 j_username={{user}}&j_password={{pass}} + attack: pitchfork payloads: user: - admin pass: - password + matchers-condition: and matchers: - type: word part: header words: - 'pentaho/Home' + - 'JSESSIONID=' + condition: and + - type: status status: - 302
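Review bot: The `JSESSIONID=` word added in the second hunk, together with `condition: and`, makes the header matcher depend on the response setting a cookie with exactly that name. A deployment that renames the session cookie would presumably stop matching even though the login succeeded, which is a missed finding. The `302` status with `pentaho/Home` in the headers already appears to separate a successful login from a failed redirect, so either drop the cookie word or say why it is needed with a comment such as `# successful logins issue a new session cookie`. The `panel` tag added in the first hunk normally marks login-page detection rather than a credential check, so it may file this template under the wrong scan profile.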