Create empire-C2.yaml

2023-01-05 17:10:58 +00:00 · 2023-01-05 17:10:58 +00:00 · c1fb21f8d8
parent 249b8d5074
commit c1fb21f8d8
1 changed files with 39 additions and 0 deletions
--- a/default-logins/empire-C2.yaml
+++ b/default-logins/empire-C2.yaml
@ -0,0 +1,39 @@
+id: empireC2-default-login-api
+
+info:
+  name: Empire-C2 Default Login Api
+  author: clem9669
+  severity: high
+  description: Kanboard default login was discovered.
+  reference:
+    - https://github.com/BC-SECURITY/Empire
+    - https://bc-security.gitbook.io/empire-wiki/quickstart/configuration/server
+  tags: default-login,empire
+  
+requests:
+  - raw:
+      - |
+        POST /api/admin/login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+        
+        {"username":"{{user}}","password":"{{pass}}"}
+
+    attack: pitchfork
+    payloads:
+      user:
+        - empireadmin
+      pass:
+        - password123
+ 
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'token'
+        condition: and
+        case-insensitive: true
+
+      - type: status
+        status:
+          - 200