Microsoft Sql - Default Logins

ID: mssql-default-logins

Severity: high

Author: Ice3man543,tarunKoyalwar

Tags: js,mssql,default-login,network

Description

A MSSQL service was accessed with easily guessed credentials.

YAML Source

id: mssql-default-logins

info:
  name: Microsoft Sql - Default Logins
  author: Ice3man543,tarunKoyalwar
  severity: high
  description: |
    A MSSQL service was accessed with easily guessed credentials.
  metadata:
    max-request: 7
    shodan-query: port:1433
  tags: js,mssql,default-login,network

javascript:
  - pre-condition: |
      var m = require("nuclei/mssql");
      var c = m.MSSQLClient();
      c.IsMssql(Host, Port);
    code: |
      var m = require("nuclei/mssql");
      var c = m.MSSQLClient();
      c.Connect(Host,Port,User,Pass)
    args:
      Host: "{{Host}}"
      Port: "1433"
      User: "{{usernames}}"
      Pass: "{{passwords}}"
    payloads:
      usernames:
        - sa
        - root
        - admin
      passwords:
        - SqlServer0
        - SqlServer2021
    attack: clusterbomb
    matchers:
      - type: dsl
        dsl:
          - "response == true"
          - "success == true"
        condition: and
# digest: 4b0a00483046022100f5e6e592926e7a1eac66b5c0fbb88199b99e42ca6b97fd5549bdd972dd69cd87022100809c7233f45516b1bf510b1317b3a2124c6a0acf00ff5a1cbfc78856f0514cd6:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "javascript/default-logins/mssql-default-logins.yaml"

View on Github