fnmsd

## gist:334b719e253261ffd0abfd161e499ae7
# coding:utf-8
""" 管理后台、未授权的管理后台 """
import unittest
from urllib2 import urlparse
from bs4 import BeautifulSoup
from bs4.element import Tag
from poc_common.utils import get_hostname_port_url
from poc_common.utils import c_requests as requests
from scripts.poc_common.misinformation import is_valid

## PoC_CVE-2021-28482.py
import requests
import time
import sys
from base64 import b64encode
from requests_ntlm2 import HttpNtlmAuth
from urllib3.exceptions import InsecureRequestWarning
from urllib import quote_plus

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

## mitm6.rules
# Snort & Suricata signatures for:
# https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6

alert udp fe80::/12 [546,547] -> fe80::/12 [546,547] (msg:"FOX-SRT - Policy - DHCPv6 advertise"; content:"|02|"; offset:48; depth:1; reference:url,blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/; threshold:type limit, track by_src, count 1, seconds 3600; classtype:policy-violation; sid:21002327; rev:2;)
alert udp ::/0 53 -> any any (msg:"FOX-SRT - Suspicious - WPAD DNS reponse over IPv6"; byte_test:1,&,0x7F,2; byte_test:2,>,0,6; content:"|00 04|wpad"; nocase; fast_pattern; threshold: type limit, track by_src, count 1, seconds 1800; reference:url,blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/; classtype:attempted-admin; priority:1; sid:21002330; rev:1;)

## fofa_rule.sql
/*
 Navicat Premium Data Transfer

 Source Server         : localhost
 Source Server Type    : MySQL
 Source Server Version : 50542
 Source Host           : localhost
 Source Database       : rule

 Target Server Type    : MySQL
	# coding:utf-8
	""" 管理后台、未授权的管理后台 """
	import unittest
	from urllib2 import urlparse
	from bs4 import BeautifulSoup
	from bs4.element import Tag
	from poc_common.utils import get_hostname_port_url
	from poc_common.utils import c_requests as requests
	from scripts.poc_common.misinformation import is_valid
	import requests
	import time
	import sys
	from base64 import b64encode
	from requests_ntlm2 import HttpNtlmAuth
	from urllib3.exceptions import InsecureRequestWarning
	from urllib import quote_plus

	requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
	# Snort & Suricata signatures for:
	# https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6

	alert udp fe80::/12 [546,547] -> fe80::/12 [546,547] (msg:"FOX-SRT - Policy - DHCPv6 advertise"; content:"\|02\|"; offset:48; depth:1; reference:url,blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/; threshold:type limit, track by_src, count 1, seconds 3600; classtype:policy-violation; sid:21002327; rev:2;)
	alert udp ::/0 53 -> any any (msg:"FOX-SRT - Suspicious - WPAD DNS reponse over IPv6"; byte_test:1,&,0x7F,2; byte_test:2,>,0,6; content:"\|00 04\|wpad"; nocase; fast_pattern; threshold: type limit, track by_src, count 1, seconds 1800; reference:url,blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/; classtype:attempted-admin; priority:1; sid:21002330; rev:1;)
	/*
	Navicat Premium Data Transfer

	Source Server : localhost
	Source Server Type : MySQL
	Source Server Version : 50542
	Source Host : localhost
	Source Database : rule

	Target Server Type : MySQL