From 8e608c31e4b1e151acd1cd2d4a3344f6d3e1ac6d Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Thu, 1 Aug 2024 14:32:24 +0530
Subject: [PATCH] Create db2-discover.yaml
---
javascript/udp/detection/db2-discover.yaml | 56 ++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 javascript/udp/detection/db2-discover.yaml
diff --git a/javascript/udp/detection/db2-discover.yaml b/javascript/udp/detection/db2-discover.yaml
new file mode 100644
index 0000000000..5d962a6af1
--- /dev/null
+++ b/javascript/udp/detection/db2-discover.yaml
@@ -0,0 +1,56 @@
+id: db2-discover
+
+info:
+ name: Broadcast DB2 Discover
+ author: pussycat0x
+ severity: info
+ description: |
+ Attempts to discover DB2 servers on the network by sending a broadcast request to port 523/udp.
+ reference:
+ - https://nmap.org/nsedoc/scripts/broadcast-db2-discover.html
+ metadata:
+ shodan-query: port:523
+ tags: ibm,network,js,udp
+
+javascript:
+ - pre-condition: |
+ isUDPPortOpen(Host,Port);
+ code: |
+ let packet = bytes.NewBuffer();
+ const c = require("nuclei/net");
+ const cmd = "DB2GETADDR\0SQL09010\0"
+ packet.WriteString(cmd)
+ let conn = c.Open('udp', `${Host}:${Port}`);
+ conn.SendHex(packet.Hex());
+ const result = conn.RecvString()
+ const cleanedString = result.replace(/\x00/g, '');
+ let combinedResult;
+
+ if (cleanedString.includes("DB2RETADDRSQL")) {
+
+ const regex = /^DB2RETADDRSQL(\d{2})(\d{2})(\d{1})(.*)$/;
+ const matches = cleanedString.match(regex);
+
+ const formattedNumber = matches ? `${matches[1]}.${matches[2]}.${matches[3]}` : '';
+ const hostname = matches ? matches[4] : '';
+
+ combinedResult = `Db2 Version: ${formattedNumber}, Hostname: ${hostname}`;
+
+ } else {
+ conn.Close();
+ }
+ combinedResult;
+
+ args:
+ Host: "{{Host}}"
+ Port: 523
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "success == true"
+
+ extractors:
+ - type: dsl
+ dsl:
+ - response
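Review bot: `conn.Close()` is reached only in the `else` branch of the `code:` script, so the UDP connection is left open whenever the reply does contain `DB2RETADDRSQL`; calling `conn.Close();` unconditionally right after `conn.RecvString()` covers both paths. The marker test uses `includes()` while the parse uses an anchored regex, so a reply that contains the marker but does not match `/^DB2RETADDRSQL(\d{2})(\d{2})(\d{1})(.*)$/` still produces `Db2 Version: , Hostname: `, a non-empty string that presumably still satisfies `success == true`. Assigning `combinedResult` only inside `if (matches) { ... }` would keep an unparsed reply from being reported as a finding. The description also says a broadcast request is sent, whereas the script opens a socket to the single target `${Host}:${Port}`, so wording such as `Detects a DB2 discovery service by sending a DB2GETADDR request to port 523/udp.` would match what the code does.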