35 lines
1.1 KiB
YAML
35 lines
1.1 KiB
YAML
id: spnego-detect
|
|
|
|
info:
|
|
name: SPNEGO - Detect
|
|
author: lady_bug,ruppde
|
|
severity: info
|
|
description: |
|
|
SPNEGO stands for Simple and Protected GSSAPI Negotiation Mechanism. It is a protocol used for secure authentication and negotiation between client and server applications in a network environment. SPNEGO is based on the Generic Security Services Application Programming Interface (GSSAPI) framework.
|
|
reference:
|
|
- https://www.ibm.com/docs/en/was-liberty/core?topic=authentication-single-sign-http-requests-using-spnego-web
|
|
- https://arstechnica.com/information-technology/2022/12/critical-windows-code-execution-vulnerability-went-undetected-until-now/
|
|
metadata:
|
|
max-request: 1
|
|
shodan-query: 'www-authenticate: negotiate'
|
|
verified: true
|
|
tags: misc,windows,spnego
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
host-redirects: true
|
|
max-redirects: 5
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "contains(tolower(header), 'www-authenticate: negotiate')"
|
|
|
|
extractors:
|
|
- type: kval
|
|
kval:
|
|
- 'www_authenticate'
|