@atucom
Created March 7, 2016 19:34
super simple fingerprinter for DCEPT cred serving server
#!/usr/bin/env ruby
# Fingerprints SecureWorks DCEPT
# @atucom
require 'net/http'
require 'json'

if ARGV.empty?
  puts "Fingerprints destination HTTP service for DCEPT"
  puts "\t Usage: #{$0} IP[:port] "
else
  targethost = ARGV[0]
  # Random 8-letter machine name for the credential request
  random_string = (0...8).map { (65 + rand(26)).chr }.join
  uri = URI("http://#{targethost}/?machine=#{random_string}")
  http_body = Net::HTTP.get(uri)
  found = false
  if http_body =~ /^\{'d'/
    http_body.gsub!("'", '"')        # JSON parser expects everything inside double quotes, not single
    http_body.gsub!(",p:", ',"p":')  # p var needs to be inside double quotes as well
    begin
      # JSON.parse rather than JSON.load: the body is untrusted remote input
      parsed_json = JSON.parse(http_body)
      found = parsed_json.is_a?(Hash) && parsed_json.length <= 3 &&
              parsed_json.key?('u') && parsed_json.key?('p')
    rescue JSON::ParserError
      found = false # matched the prefix but is not parseable after the quote fix-ups
    end
  end
  # Always report a verdict, including when the prefix matched but the keys did not
  puts "#{targethost} - #{found ? 'FOUND DCEPT' : 'NOT DCEPT'}"
end