nuclei-templates/http/exposed-panels/c2/nh-c2.yaml

id: nh-c2

info:
  name: NH C2 Server - Detect
  author: pussycat0
  severity: info
  reference:
    - https://twitter.com/MichalKoczwara/status/1616179246216396806
  metadata:
    verified: "true"
    max-request: 1
    censys-query: 10baf5fcdde4563d3e145a1f553ae433fb1c3572
  tags: tech,nh,c2,panel

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "status_code == 301 && status_code == 302"
          - "(\"03609e8e4a0a0ef888327d64ae2dc8950664219e\" == sha1(body))"
        condition: and
# digest: 4a0a0047304502206a8064b8e5be6cc4ab5ab8543d53233b4fd857fd72040f9dcc7ce30fc75ba616022100c5470a7a707119ac0cd4eda84e10c1fd1c8285f170af01feca029507df7eaa9c:922c64590222798bb761d5b6d8e72950