From fbbcab73330e5211f48b506714ebd398bda71b2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9E=97=E5=AF=92?= <57119052+For3stCo1d@users.noreply.github.com> Date: Mon, 28 Mar 2022 00:18:17 +0800 Subject: [PATCH] Added Emqx template (#3978) * Create emqx-default-login.yaml * Create emqx-detection.yaml * more strict matchers Co-authored-by: sandeep --- default-logins/emqx/emqx-default-login.yaml | 32 +++++++++++++++++++++ technologies/emqx-detection.yaml | 19 ++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 default-logins/emqx/emqx-default-login.yaml create mode 100644 technologies/emqx-detection.yaml diff --git a/default-logins/emqx/emqx-default-login.yaml b/default-logins/emqx/emqx-default-login.yaml new file mode 100644 index 0000000000..b887be64fa --- /dev/null +++ b/default-logins/emqx/emqx-default-login.yaml @@ -0,0 +1,32 @@ +id: emqx-default-login + +info: + name: Emqx Default Login + author: For3stCo1d + severity: high + metadata: + shodan-query: http.favicon.hash:"-670975485" + tags: emqx,default-login + +requests: + - raw: + - | + POST /api/v4/auth HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + {"username":"{{user}}","password":"{{pass}}"} + + attack: pitchfork + payloads: + user: + - admin + pass: + - public + + matchers: + - type: dsl + dsl: + - body == "{\"code\":0}" + - status_code == 200 + condition: and \ No newline at end of file diff --git a/technologies/emqx-detection.yaml b/technologies/emqx-detection.yaml new file mode 100644 index 0000000000..0e5ecfb489 --- /dev/null +++ b/technologies/emqx-detection.yaml @@ -0,0 +1,19 @@ +id: emqx-detection + +info: + name: Emqx Detection + author: For3stCo1d + severity: info + tags: tech,emqx + +requests: + - method: GET + path: + - "{{BaseURL}}/static/emq.ico" + + matchers-condition: and + matchers: + - type: dsl + name: favicon + dsl: + - "status_code==200 && ('-670975485' == mmh3(base64_py(body)))"