SMB -JS Templates

2023-10-03 00:40:04 +05:30 · 2023-10-03 00:40:04 +05:30 · 770a6d903f
parent d9efa67522
commit 770a6d903f
5 changed files with 178 additions and 0 deletions
--- a/javascript/network/smb/CVE-2020-0796.yaml
+++ b/javascript/network/smb/CVE-2020-0796.yaml
@ -0,0 +1,31 @@
+id: CVE-2020-0796
+
+info:
+  name: SMBGhost Vulnerability
+  author: pussycat0x
+  severity: unknown
+  description: |
+    SMBGhost, or CVE-2020-0796, is a vulnerability that resides within the Microsoft Server Message Block 3.0 (SMBv3), a protocol introduced by the company to its newer operating systems. This communication protocol enables shared access to files, data, and other assets within an interconnected computer network.
+  reference:
+    - https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2020-0796
+  metadata:
+    verified: true
+    shodan-query: "port:445"
+  tags: js,network,smb,enum
+
+javascript:
+  - code: |
+      var m = require("nuclei/smb");
+      var c = m.SMBClient();
+      var response = c.DetectSMBGhost(Host, Port);
+      log(to_json(response));
+
+    args:
+      Host: "{{Host}}"
+      Port: "445"
+
+    matchers:
+      - type: word
+        words:
+          - "response == test"
+          - "success == true"
--- a/javascript/network/smb/smb-anonymous.yaml
+++ b/javascript/network/smb/smb-anonymous.yaml
@ -0,0 +1,38 @@
+id: smb-anonymous-access
+
+info:
+  name: SMB  Anonymous Access - Detect
+  author: pussycat0x
+  severity: high
+  description: |
+    smb anonymous access detect
+  reference:
+    - https://wadcoms.github.io/wadcoms/SMBClient-List-Shares-Anonymous/
+  metadata:
+    verified: true
+    shodan-query: "port:445"
+  tags: js,network,smb,enum,misconfig
+
+javascript:
+   - pre-condition: |
+      var m = require("nuclei/smb");
+      var c = m.SMBClient();
+      c.ListSMBv2Metadata(Host, Port);
+
+     code: |
+      var m = require("nuclei/smb");
+      var c = m.SMBClient();
+      var response = c.ListShares(Host, Port, User, Pass);
+      log(to_json(response));
+
+     args:
+      Host: "{{Host}}"
+      Port: "5432"
+      User: "test"
+      Pass: "test"
+
+     extractors:
+      - type: json
+        name: SMB Shares
+        json:
+          - '.[]'
--- a/javascript/network/smb/smb-shares.yaml
+++ b/javascript/network/smb/smb-shares.yaml
@ -0,0 +1,38 @@
+id: smb-share
+
+info:
+  name: SMB  Shares - Enumeration
+  author: pussycat0x
+  severity: low
+  description: |
+    Attempts to list shares using the srvsvc.NetShareEnumAll MSRPC function and retrieve more information about them using srvsvc.NetShareGetInfo. If access to those functions is denied, a list of common share names are checked.
+  reference:
+    - https://nmap.org/nsedoc/scripts/smb-enum-shares.html
+  metadata:
+    verified: true
+    shodan-query: "port:445"
+  tags: js,network,smb,enum
+
+javascript:
+   - pre-condition: |
+      var m = require("nuclei/smb");
+      var c = m.SMBClient();
+      c.ListSMBv2Metadata(Host, Port);
+
+     code: |
+      var m = require("nuclei/smb");
+      var c = m.SMBClient();
+      var response = c.ListShares(Host, Port, User, Pass);
+      to_json(response);
+
+     args:
+      Host: "{{Host}}"
+      Port: "445"
+      User: "test"
+      Pass: "test"
+
+     extractors:
+      - type: json
+        name: SMB Shares
+        json:
+          - '.[]'
--- a/javascript/network/smb/smb-signing-not-required.yaml
+++ b/javascript/network/smb/smb-signing-not-required.yaml
@ -0,0 +1,41 @@
+id: smb-signing-not-required
+
+info:
+  name: SMB Signing not required
+  author: pussycat0x
+  severity: medium
+  description: |
+    Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
+  reference:
+    - https://www.tenable.com/plugins/nessus/57608
+    - https://nmap.org/nsedoc/scripts/smb2-security-mode.html
+  metadata:
+    verified: true
+    shodan-query: "port:445"
+  tags: js,network,smb,enum
+
+javascript:
+   - pre-condition: |
+      var m = require("nuclei/smb");
+      var c = m.SMBClient();
+      c.ListSMBv2Metadata(Host, Port);
+
+     code: |
+      var m = require("nuclei/smb");
+      var c = m.SMBClient();
+      var response = c.ListSMBv2Metadata(Host, Port, User, Pass);
+      to_json(response);
+
+     args:
+      Host: "{{Host}}"
+      Port: "5432"
+      User: "test"
+      Pass: "test"
+
+     matchers:
+       - type: word
+         words:
+           - '"SigningEnabled": true'
+           - '"SigningRequired": false'
+         condition: and
+
--- a/javascript/network/smb/smb2-capabilities.yaml
+++ b/javascript/network/smb/smb2-capabilities.yaml
@ -0,0 +1,30 @@
+id: smb2-capabilities
+
+info:
+  name: smb2-capabilities - Enumeration
+  author: pussycat0x
+  severity: info
+  description: |
+    Attempts to list the supported capabilities in a SMBv2 server for each enabled dialect.
+  reference:
+    - https://nmap.org/nsedoc/scripts/smb2-capabilities.html
+  metadata:
+    shodan-query: "port:445"
+
+javascript:
+  - code: |
+      var m = require("nuclei/smb");
+      var c = m.SMBClient();
+      var response = c.ConnectSMBInfoMode(Host, Port);
+      to_json(response)
+
+    args:
+      Host: "{{Host}}"
+      Port: "445"
+
+    extractors:
+      - type: json
+        name: smb2-capabilities
+        part: response
+        json:
+          - '.Capabilities | with_entries(select(.value == true)) | keys'