Linux vps-61133.fhnet.fr 4.9.0-19-amd64 #1 SMP Debian 4.9.320-2 (2022-06-30) x86_64
Apache/2.4.25 (Debian)
Server IP : 93.113.207.21 & Your IP : 216.73.216.35
Domains :
Can't read [ /etc/named.conf ]
User : www-data
/
etc /
crowdsec /
scenarios /
Name
Size
Permission
Date
Action
CVE-2017-9841.yaml
517
B
-rw-r--r--
2024-10-04 14:15
CVE-2019-18935.yaml
584
B
-rw-r--r--
2024-10-04 14:15
CVE-2022-26134.yaml
510
B
-rw-r--r--
2024-10-04 14:15
CVE-2022-35914.yaml
479
B
-rw-r--r--
2024-10-04 14:15
CVE-2022-37042.yaml
747
B
-rw-r--r--
2024-10-04 14:15
CVE-2022-40684.yaml
588
B
-rw-r--r--
2024-10-04 14:15
CVE-2022-41082.yaml
551
B
-rw-r--r--
2024-10-04 14:15
CVE-2022-41697.yaml
536
B
-rw-r--r--
2024-10-04 14:15
CVE-2022-42889.yaml
803
B
-rw-r--r--
2024-10-04 14:15
CVE-2022-44877.yaml
608
B
-rw-r--r--
2024-10-04 14:15
CVE-2022-46169.yaml
1.2
KB
-rw-r--r--
2024-10-04 14:15
CVE-2023-22515.yaml
587
B
-rw-r--r--
2024-10-04 14:15
CVE-2023-22518.yaml
541
B
-rw-r--r--
2024-10-04 14:15
CVE-2023-49103.yaml
600
B
-rw-r--r--
2024-10-04 14:15
CVE-2024-38475.yaml
609
B
-rw-------
2024-10-04 14:15
apache_log4j2_cve-2021-44228.yaml
929
B
-rw-r--r--
2024-10-04 14:15
f5-big-ip-cve-2020-5902.yaml
723
B
-rw-r--r--
2024-10-04 14:15
fortinet-cve-2018-13379.yaml
580
B
-rw-r--r--
2024-10-04 14:15
grafana-cve-2021-43798.yaml
618
B
-rw-r--r--
2024-10-04 14:15
http-admin-interface-probing.yaml
773
B
-rw-r--r--
2024-10-04 14:15
http-backdoors-attempts.yaml
639
B
-rw-r--r--
2024-10-04 14:15
http-bad-user-agent.yaml
681
B
-rw-r--r--
2024-10-04 14:15
http-crawl-non_statics.yaml
673
B
-rw-r--r--
2024-10-04 14:15
http-cve-2021-41773.yaml
561
B
-rw-r--r--
2024-10-04 14:15
http-cve-2021-42013.yaml
568
B
-rw-r--r--
2024-10-04 14:15
http-cve-probing.yaml
722
B
-rw-------
2024-10-04 14:15
http-generic-bf.yaml
1.46
KB
-rw-r--r--
2024-10-04 14:15
http-open-proxy.yaml
518
B
-rw-r--r--
2024-10-04 14:15
http-path-traversal-probing.yaml
715
B
-rw-r--r--
2024-10-04 14:15
http-probing.yaml
570
B
-rw-r--r--
2024-10-04 14:15
http-sensitive-files.yaml
721
B
-rw-r--r--
2024-10-04 14:15
http-sqli-probing.yaml
908
B
-rw-r--r--
2024-10-04 14:15
http-w00tw00t.yaml
426
B
-rw-r--r--
2024-10-04 14:15
http-wordpress-scan.yaml
625
B
-rw-------
2024-10-04 14:15
http-xss-probing.yaml
873
B
-rw-r--r--
2024-10-04 14:15
jira_cve-2021-26086.yaml
722
B
-rw-r--r--
2024-10-04 14:15
mysql-bf.yaml
407
B
-rw-r--r--
2024-03-12 23:06
netgear_rce.yaml
602
B
-rw-r--r--
2024-10-04 14:15
pulse-secure-sslvpn-cve-2019-11510.yaml
787
B
-rw-r--r--
2024-10-04 14:15
spring4shell_cve-2022-22965.yaml
512
B
-rw-r--r--
2024-10-04 14:15
ssh-bf.yaml
881
B
-rw-r--r--
2024-10-04 14:15
ssh-cve-2024-6387.yaml
479
B
-rw-------
2024-10-04 14:15
ssh-slow-bf.yaml
913
B
-rw-r--r--
2024-10-04 14:15
thinkphp-cve-2018-20062.yaml
750
B
-rw-r--r--
2024-10-04 14:15
vmware-cve-2022-22954.yaml
637
B
-rw-r--r--
2024-10-04 14:15
vmware-vcenter-vmsa-2021-0027.yaml
590
B
-rw-r--r--
2024-10-04 14:15
# CrowdSec scenario: flags HTTP requests whose path matches the Netgear
# setup.cgi "syscmd" command-execution request described in the reference below.
# "trigger" scenarios raise an alert on the first matching event; there is no
# capacity or leak rate to tune.
type: trigger
format: 2.0
name: crowdsecurity/netgear_rce
# NOTE(review): "DGN220" presumably means DGN2200 (the model named in the
# referenced advisory) - confirm before changing; the string is left as-is.
description: "Detect Netgear RCE DGN1000/DGN220 exploitation attempts"
# The filter only sees events already tagged as HTTP access/error logs.
# The path is URL-unescaped and lower-cased before comparison, so percent-encoded
# or mixed-case variants of the same prefix still match.
# NOTE(review): the compared string includes the query part ("?next_file=..."),
# so this assumes the HTTP parser stores the full request URI in
# evt.Meta.http_path - verify against the parser used for your log source.
# This is a prefix match on one specific request form, so treat it as a narrow
# signature rather than full coverage of the vulnerability.
filter: |
  evt.Meta.log_type in ['http_access-log', 'http_error-log'] && Lower(QueryUnescape(evt.Meta.http_path)) startsWith Lower('/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=')
# One bucket per client address: each source IP is alerted on independently.
groupby: "evt.Meta.source_ip"
# After an alert, further alerts for the same source IP are suppressed for
# 2 minutes, which keeps a repeated scan from flooding the alert stream.
blackhole: 2m
references:
  - "https://www.exploit-db.com/exploits/25978"
labels:
  confidence: 3
  # NOTE(review): 0 presumably reflects that the source IP of a completed HTTP
  # request is hard to forge - confirm against the CrowdSec label taxonomy.
  spoofable: 0
  classification:
    # MITRE ATT&CK: T1595 Active Scanning, T1190 Exploit Public-Facing Application.
    - attack.T1595
    - attack.T1190
  behavior: "http:exploit"
  label: "Netgear RCE"
  service: netgear
  # Marks alerts from this scenario as eligible for a remediation decision;
  # what is actually applied depends on the local profiles and bouncers.
  remediation: true