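# Alert for LDAP injection attempts in the request URI.
# Matches a query-parameter value that begins with an LDAP filter token:
# "(", "cn=", "*", "ldap:/", "uid=", "userPassword=", "version=", or a
# doubled "&"/"|" operator. The U flag evaluates the normalized HTTP URI.
# The original pattern was anchored with "^", but the URI buffer normally
# starts with "/", so the alternation could not match an ordinary request.
# It is now anchored on the "=" that precedes a parameter value.
# NOTE(review): tokens placed later in a value and POST bodies are not
# covered. With no content match there is no fast pattern, so the pcre
# runs on every request to this server - tune before production use.
alert tcp any any -> 14.128.64.3 80 ( \
msg:"LDAP injection detected"; \
flow:to_server,established; \
pcre:"/=(\(|cn=|\*|ldap:\/|uid=|userPassword=|version=|(&|\|){2})/Ui"; \
gid:1000007; \
sid:1000018; \
rev:1; \
)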
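# Alert for directory indexing (auto-generated listing pages).
# The "Index of /" banner is part of the server's RESPONSE body, so the rule
# watches traffic leaving 14.128.64.3:80 rather than requests sent to it.
# file_data sets the detection cursor, so it must come before the content
# match it applies to; placed after the content (as in the original) it has
# no effect on that match.
# NOTE(review): this needs HTTP response inspection enabled in the sensor
# configuration. Compressed responses are only matched if decompression is
# enabled - confirm against the deployed config.
alert tcp 14.128.64.3 80 -> any any ( \
msg:"Directory indexing detected"; \
flow:to_client,established; \
file_data; \
content:"Index of /"; \
nocase; \
gid:1000007; \
sid:1000019; \
rev:1; \
)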
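# Alert for weak or default passwords submitted in an HTTP request body.
# The literal content "password=" (case-insensitive, client body only) acts
# as a cheap prefilter; the pcre then checks the value against a short list
# of well-known weak passwords. The P flag evaluates the HTTP request body.
# Changes from the original:
#   - the word list was inside a content option, which matches literal bytes
#     and never evaluates a regular expression, so it is now a pcre option;
#   - http_method was removed, since "password=" is never part of the
#     request method and the modifier conflicted with http_client_body.
# NOTE(review): only cleartext HTTP is visible to the sensor. Alerts and
# packet logs for this rule will contain the submitted credential, so
# restrict access to them accordingly.
# NOTE(review): the header is any/any; HTTP buffers are presumably filled
# only on ports configured for HTTP inspection - confirm.
alert tcp any any -> any any ( \
msg:"Weak password detected"; \
flow:to_server,established; \
content:"password="; \
nocase; \
http_client_body; \
pcre:"/\bpassword=(admin|administrator|manager|guest|test|scott|tomcat|root|user|operator|anonymous|Abcd|aaaa|1234|1111|public|blank)\b/Pi"; \
sid:1000001; \
rev:1; \
)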
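# Alert for requests to administrative pages on the web server.
# Matches "administrato", "administrator" or "manager" as a whole word,
# case-insensitively, in the normalized request URI.
# http_uri is a content modifier and does not apply to a pcre option, so
# the URI restriction is now expressed with the pcre U flag instead.
# NOTE(review): "administrator?" only makes the final "r" optional. If
# plain "admin" paths should also alert, the pattern would need
# "admin(istrator)?" - confirm intent before changing.
# NOTE(review): with no content match there is no fast pattern, so the pcre
# runs on every request to this server.
alert tcp any any -> 14.128.64.3 80 ( \
msg:"Admin page exposure detected"; \
flow:to_server,established; \
pcre:"/\b(administrator?|manager)\b/Ui"; \
gid:1000004; \
sid:1000009; \
rev:1; \
)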