id: mssql-default-logins

info:
  name: Microsoft Sql - Default Logins
  author: Ice3man543,tarunKoyalwar
  severity: high
  description: |
    A MSSQL service was accessed with easily guessed credentials.
  metadata:
    max-request: 7
    shodan-query: port:1433
  tags: js,mssql,default-login,network
javascript:
  - pre-condition: |
      var m = require("nuclei/mssql");
      var c = m.MSSQLClient();
      c.IsMssql(Host, Port);
    code: |
      var m = require("nuclei/mssql");
      var c = m.MSSQLClient();
      c.Connect(Host,Port,User,Pass)
    args:
      Host: "{{Host}}"
      Port: "1433"
      User: "{{usernames}}"
      Pass: "{{passwords}}"
    payloads:
      usernames:
        - sa
        - root
        - admin
      passwords:
        - SqlServer0
        - SqlServer2021
    attack: clusterbomb
    matchers:
      - type: dsl
        dsl:
          - "response == true"
          - "success == true"
        condition: and

# digest: 490a0046304402206b60400ec97d3b1d6289c5ce72754a9a6596a7975686f40f7d6117496bd57d0c02205ac97dcd45ad773380772e7435e20e3f5da64932e58d35f539ca9d8281b5c5e3:922c64590222798bb761d5b6d8e72950