36 lines
1.3 KiB
YAML
36 lines
1.3 KiB
YAML
id: spnego-detect
|
|
|
|
info:
|
|
name: SPNEGO - Detect
|
|
author: lady_bug,ruppde
|
|
severity: info
|
|
description: |
|
|
SPNEGO stands for Simple and Protected GSSAPI Negotiation Mechanism. It is a protocol used for secure authentication and negotiation between client and server applications in a network environment. SPNEGO is based on the Generic Security Services Application Programming Interface (GSSAPI) framework.
|
|
reference:
|
|
- https://www.ibm.com/docs/en/was-liberty/core?topic=authentication-single-sign-http-requests-using-spnego-web
|
|
- https://arstechnica.com/information-technology/2022/12/critical-windows-code-execution-vulnerability-went-undetected-until-now/
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
shodan-query: 'www-authenticate: negotiate'
|
|
tags: miscellaneous,misc,windows,spnego
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
host-redirects: true
|
|
max-redirects: 5
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "contains(tolower(header), 'www-authenticate: negotiate')"
|
|
|
|
extractors:
|
|
- type: kval
|
|
kval:
|
|
- 'www_authenticate'
|
|
# digest: 4a0a00473045022100970ed01cba35a0bf36ab7ceb44e40d425659f959dc3a32c77e1f17437590839a02205dfd663ceb1e61851a9569c5b057040a7b4850507a44278d3f1414485a865f27:922c64590222798bb761d5b6d8e72950 |