daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/javascript/default-logins/mssql-default-logins.yaml

44 lines
1.1 KiB
YAML
Raw Blame History

id: mssql-default-logins
info:
name: Microsoft Sql - Default Logins
author: Ice3man543,tarunKoyalwar
severity: high
description: |
A MSSQL service was accessed with easily guessed credentials.
metadata:
max-request: 7
shodan-query: port:1433
tags: js,mssql,default-login,network
javascript:
- pre-condition: |
var m = require("nuclei/mssql");
var c = m.MSSQLClient();
c.IsMssql(Host, Port);
code: |
var m = require("nuclei/mssql");
var c = m.MSSQLClient();
c.Connect(Host,Port,User,Pass)
args:
Host: "{{Host}}"
Port: "1433"
User: "{{usernames}}"
Pass: "{{passwords}}"
payloads:
usernames:
- sa
- root
- admin
passwords:
- SqlServer0
- SqlServer2021
attack: clusterbomb
matchers:
- type: dsl
dsl:
- "response == true"
- "success == true"
condition: and
# digest: 490a0046304402206b60400ec97d3b1d6289c5ce72754a9a6596a7975686f40f7d6117496bd57d0c02205ac97dcd45ad773380772e7435e20e3f5da64932e58d35f539ca9d8281b5c5e3:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink