Update payloads and attack type

2023-07-11 16:25:45 +04:00 · 2023-07-11 16:25:45 +04:00 · b262a7d62a
parent fee7f0b529
commit b262a7d62a
1 changed files with 36 additions and 29 deletions
--- a/http/default-logins/apache/tomcat-default-login.yaml
+++ b/http/default-logins/apache/tomcat-default-login.yaml
@ -2,11 +2,12 @@ id: tomcat-default-login

 info:
  name: Apache Tomcat Manager Default Login
-  author: pdteam,sinKettu
+  author: pdteam,sinKettu,nybble04
  severity: high
  description: Apache Tomcat Manager default login credentials were discovered. This template checks for multiple variations.
  reference:
    - https://www.rapid7.com/db/vulnerabilities/apache-tomcat-default-ovwebusr-password/
+    - https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt
  metadata:
    max-request: 18
    shodan-query: title:"Apache Tomcat"
@ -21,46 +22,52 @@ http:

    payloads:
      username:
-        - tomcat
-        - admin
-        - ovwebusr
-        - j2deployer
-        - cxsdk
        - ADMIN
-        - xampp
-        - tomcat
        - QCC
        - admin
-        - root
-        - role1
-        - role
-        - tomcat
-        - admin
-        - role1
        - both
-        - admin
+        - cxsdk
+        - demo
+        - j2deployer
+        - manager
+        - ovwebusr
+        - role
+        - role1
+        - root
+        - server_admin
+        - tomcat
+        - xampp

      password:
-        - tomcat
-        - admin
+        - ADMIN
        - OvW*busr1
+        - Password1
+        - QLogic66
+        - admanager
+        - admin
+        - adrole1
+        - adroot
+        - ads3cret
+        - adtomcat
+        - advagrant
+        - changethis
+        - demo
        - j2deployer
        - kdsxc
-        - ADMIN
-        - xampp
-        - s3cret
-        - QLogic66
-        - tomcat
-        - root
+        - manager
+        - owaspbwa
+        - password
+        - password1
+        - r00t
        - role1
-        - changethis
-        - changethis
-        - j5Brn9
+        - root
+        - s3cret
        - tomcat
-        - tomcat
-        - 123456
+        - toor
+        - vagrant
+        - xampp

-    attack: pitchfork  # Available options: sniper, pitchfork and clusterbomb
+    attack: clusterbomb  # Available options: sniper, pitchfork and clusterbomb

    matchers-condition: and
    matchers: