""ET WEB_SPECIFIC_APPS Jenkins Script Console Usage (Metasploit Windows CMD Shell)""
SID: 2016295
Revision: 6
Class Type: attempted-user
Metadata: affected_product Any, attack_target Client_and_Server, created_at 2013_01_25, deployment Perimeter, deployment Internet, deployment Internal, deployment Datacenter, signature_severity Critical, tag Metasploit, updated_at 2013_01_26
Reference:
Protocol: tcp
Source Network: $EXTERNAL_NET
Source Port: any
Destination Network: $HOME_NET
Destination Port: $HTTP_PORTS
Flow:
Contents:
-
Value: "POST"
-
Value: "/script"
-
Value: "sun.misc.BASE64Decoder"
-
Value: ".decodeBuffer"
-
Value: "cmd.exe"
Within:
PCRE: "/\/script\/?$/Ui"
Special Options:
-
http_method
-
nocase
-
http_uri
-
nocase
-
nocase
-
http_client_body
-
nocase
-
http_client_body
-
http_client_body
-
fast_pattern