nuclei-templates/http/exposed-panels/c2/nh-c2.yaml

id: nh-c2

info:
  name: NH C2 Server - Detect
  author: pussycat0
  severity: info
  reference:
    - https://twitter.com/MichalKoczwara/status/1616179246216396806
  metadata:
    censys-query: 10baf5fcdde4563d3e145a1f553ae433fb1c3572
    max-request: 1
    verified: "true"
  tags: tech,nh,c2,panel

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "status_code == 301 && status_code == 302"
          - "(\"03609e8e4a0a0ef888327d64ae2dc8950664219e\" == sha1(body))"
        condition: and
# digest: 490a00463044022063ab516462741e34434d9a9c199377f80e51f522197cb6175504b98fb36141ff02207115b32c0520afbef3c6ed48d4e3e67fc99ad28aa45a8bab9df3384082e67fe3:922c64590222798bb761d5b6d8e72950